IceKube

Expand pod host volume checks

Open Skybound1 opened this issue 1 year ago • 0 comments

Current checks are focused around whether any hostPath could expose a path should it exist. For example, /etc/kubernetes/admin.conf would check if that or any parent paths are shared into a pod.

This should be expanded to include both the following:

  • [ ] Whether any path in a specified folder is exposed, for example /var/log/ - we don't necessarily care if we have the entire folder, or just a random path within
  • [ ] Wildcard paths - for example any /home/*/.ssh/authorized_keys might be deemed acceptable

Skybound1, Nov 29 '23 18:11
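The three kinds of match the issue describes (the current file-or-parent check, the folder check, and the wildcard check) can be sketched as follows. This is an added example, not IceKube's code: the names `RULES`, `matches` and `findings` are hypothetical, the rule list is constructed from the paths quoted in the issue, and hostPath values are assumed to be absolute and already normalised. Whether a match is reported or treated as acceptable is left to the caller.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Constructed rule set built from the three paths quoted in the issue.
RULES = [
    ("file", "/etc/kubernetes/admin.conf"),
    ("folder", "/var/log/"),
    ("glob", "/home/*/.ssh/authorized_keys"),
]


def _parts(path):
    # Compare path components, not raw strings, so that
    # /var/logs is never mistaken for something under /var/log.
    return PurePosixPath(path).parts


def matches(host_path, kind, target):
    """Return True if mounting host_path would expose target."""
    hp, tp = _parts(host_path), _parts(target)
    if kind == "file":
        # Current behaviour: the mount is the file or one of its parents.
        return tp[:len(hp)] == hp
    if kind == "folder":
        # The mount is the folder, a parent of it, or any path inside it.
        n = min(len(hp), len(tp))
        return hp[:n] == tp[:n]
    if kind == "glob":
        # '*' stands for one path component; the mount must be a
        # component-wise prefix of the pattern (or the full pattern).
        return len(hp) <= len(tp) and all(
            fnmatchcase(h, t) for h, t in zip(hp, tp)
        )
    raise ValueError(f"unknown rule kind: {kind}")


def findings(host_path):
    """List every rule target that a given hostPath mount would expose."""
    return [t for kind, t in RULES if matches(host_path, kind, t)]


if __name__ == "__main__":
    # Constructed hostPath values, as they might appear in pod specs.
    for hp in ["/etc/kubernetes", "/var/log/pods/app", "/home/alice/.ssh",
               "/var/logs", "/"]:
        print(f"{hp:22} -> {findings(hp)}")
```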