mount procfs instead of using hostpid

Open daemon1024 opened this issue 11 months ago • 3 comments

Feature Request

KubeArmor needs access to the host's procfs to stitch container and real time process information we get from eBPF.

Is your feature request related to a problem? Please describe the use case.

Sharing pid ns with host is more risky than just accessing procfs.

Describe the solution you'd like

  • We can mount and set procfs to readonly maybe alleviating a lot of risks involved with mounting procfs
  • Add configuration in KubeArmor to support custom path prefix for procfs

Related #1186

daemon1024 avatar Mar 14 '24 11:03 daemon1024
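A sketch of what the second bullet implies on the reading side, added here as an illustration and not taken from KubeArmor's code: process metadata for a PID reported by an eBPF event is resolved under a configurable procfs prefix using only read operations, so it works against a read-only mount. The names `ReadProc`, `ProcInfo` and `procRoot`, and the example prefix `/host/proc`, are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// ProcInfo holds the fields that would be joined with an eBPF event (hypothetical type).
type ProcInfo struct {
	Comm, Exe string
	PPID      int
}

// ReadProc looks up pid under procRoot, a hypothetical setting such as
// "/host/proc" when the node's /proc is mounted read-only at that path.
func ReadProc(procRoot string, pid int) (ProcInfo, error) {
	if pid <= 0 {
		return ProcInfo{}, fmt.Errorf("invalid pid %d", pid)
	}
	dir := filepath.Join(procRoot, strconv.Itoa(pid))
	raw, err := os.ReadFile(filepath.Join(dir, "stat"))
	if err != nil {
		return ProcInfo{}, err // process already exited, or the prefix is wrong
	}
	stat := string(raw)
	// comm is wrapped in parentheses and may itself contain ')' or spaces,
	// so cut at the last ')' instead of splitting the line on whitespace.
	open, end := strings.IndexByte(stat, '('), strings.LastIndexByte(stat, ')')
	if open < 0 || end < open {
		return ProcInfo{}, fmt.Errorf("malformed stat for pid %d", pid)
	}
	rest := strings.Fields(stat[end+1:]) // rest[0] = state, rest[1] = ppid
	if len(rest) < 2 {
		return ProcInfo{}, fmt.Errorf("short stat for pid %d", pid)
	}
	ppid, err := strconv.Atoi(rest[1])
	if err != nil {
		return ProcInfo{}, err
	}
	// exe is a symlink; reading it needs no write access to the mount.
	// It stays empty when unreadable, for example for kernel threads.
	exe, _ := os.Readlink(filepath.Join(dir, "exe"))
	return ProcInfo{Comm: stat[open+1 : end], Exe: exe, PPID: ppid}, nil
}

func main() { fmt.Println(ReadProc("/proc", os.Getpid())) }
```
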

@daemon1024 is the issue open to work?

yp969803 avatar Aug 07 '24 21:08 yp969803

Yes @yp969803

daemon1024 avatar Aug 08 '24 03:08 daemon1024

/assign

yp969803 avatar Aug 09 '24 14:08 yp969803