KubeArmor icon indicating copy to clipboard operation
KubeArmor copied to clipboard

Published 20 hours ago verified publisher icon kubearmor

enable/disable visiibility for syscall

Open Prateeknandle opened this issue 1 year ago • 2 comments

Feature Request

Short Description Currently, syscall visibility is handled by turning on/off file visibility of the namespace. We need a separate process for enabling/disabling visibility for syscall.

Describe the solution you'd like

We will add a list of syscalls for which we need to have visibility over those syscalls. We'll add this list to the config map and handle the visibility further.

Prateeknandle avatar Jan 11 '24 08:01 Prateeknandle

  • We don't support logs today, only alerts based on Policy, so this will enable logs as well.
  • turn on/off syscall visibility per namespace based on visibility annotation with an additional string syscall
  • have per syscall on/off switch based on string in config map

daemon1024 avatar Jan 11 '24 10:01 daemon1024

NOTE : we already support logs for syscalls

Prateeknandle avatar Jan 29 '24 19:01 Prateeknandle