
Snitch should not mount entire host rootfs

Open DelusionalOptimist opened this issue 10 months ago • 2 comments

Feature Request

Short Description

KubeArmor snitch currently mounts the entire rootfs of the host - ref

Describe the solution you'd like

We should specify the host path volume mounts at a more granular level. For example:

  • For detecting container runtimes /var/run should be enough
  • For apparmor profiles /etc/apparmor.d should be enough

and so on...

We may use older KubeArmor daemonset for reference on the same.

DelusionalOptimist avatar Mar 26 '24 06:03 DelusionalOptimist

  • /var/run, /run to detect container runtime
  • /sys/kernel/ for btf, securityfs
  • /sys/module/apparmor/parameters/enabled (ref: https://kubernetes.io/docs/tutorials/security/apparmor/#before-you-begin)
  • /var/lib/kubelet/seccomp for seccomp

rksharma95 avatar Mar 28 '24 05:03 rksharma95
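The two comments above (the issue body's /var/run and /etc/apparmor.d, and the follow-up's /run, /sys/kernel/, the AppArmor enabled node and the kubelet seccomp directory) together describe one change: swap a single whole-host hostPath for a set of narrow, read-only hostPath volumes. The manifest below is an added illustration, not KubeArmor's own DaemonSet or the manifest from the linked pull request; the DaemonSet names, labels, container name, image reference and in-container mount targets are assumptions, and only the host paths come from the thread.

```yaml
# Added example (not KubeArmor's manifest): the same DaemonSet container,
# first with the whole host rootfs mounted, then with granular mounts.
# Names, labels, image and mount targets are placeholders/assumptions.
---
# Before: one hostPath at "/" exposes every host file to the container.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: snitch-broad            # hypothetical name
spec:
  selector:
    matchLabels: {app: snitch}
  template:
    metadata:
      labels: {app: snitch}
    spec:
      containers:
        - name: snitch
          image: registry.example.invalid/snitch:PLACEHOLDER   # placeholder
          volumeMounts:
            - name: rootfs
              mountPath: /rootfs
      volumes:
        - name: rootfs
          hostPath:
            path: /
            type: Directory
---
# After: only the host paths discussed in the issue, each mounted read-only.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: snitch-granular         # hypothetical name
spec:
  selector:
    matchLabels: {app: snitch}
  template:
    metadata:
      labels: {app: snitch}
    spec:
      containers:
        - name: snitch
          image: registry.example.invalid/snitch:PLACEHOLDER   # placeholder
          volumeMounts:
            # container runtime sockets (issue body + follow-up comment)
            - {name: var-run,           mountPath: /var/run,            readOnly: true}
            - {name: run,               mountPath: /run,                readOnly: true}
            # BTF under /sys/kernel/btf and securityfs under /sys/kernel/security
            - {name: sys-kernel,        mountPath: /sys/kernel,         readOnly: true}
            # AppArmor: "is it enabled" node and the profile directory
            - {name: apparmor-enabled,  mountPath: /sys/module/apparmor/parameters/enabled, readOnly: true}
            - {name: apparmor-profiles, mountPath: /etc/apparmor.d,     readOnly: true}
            # kubelet-managed seccomp profiles
            - {name: kubelet-seccomp,   mountPath: /var/lib/kubelet/seccomp, readOnly: true}
      volumes:
        # type: Directory makes the kubelet refuse to start the pod if the
        # path is missing, which is what we want for paths every node has.
        - name: var-run
          hostPath: {path: /var/run, type: Directory}
        - name: run
          hostPath: {path: /run, type: Directory}
        - name: sys-kernel
          hostPath: {path: /sys/kernel, type: Directory}
        # AppArmor paths are left without a type check (no validation) so the
        # pod still schedules on nodes where AppArmor is not present; the
        # detection code is then expected to handle the path being absent.
        - name: apparmor-enabled
          hostPath: {path: /sys/module/apparmor/parameters/enabled}
        - name: apparmor-profiles
          hostPath: {path: /etc/apparmor.d}
        - name: kubelet-seccomp
          hostPath: {path: /var/lib/kubelet/seccomp}
```

Two things worth checking when applying this shape to a real manifest: on distributions where /var/run is a symlink to /run the two mounts resolve to the same host directory, so one of them is redundant and can be dropped once the detection code agrees on a single path; and `readOnly: true` on the mount is what actually removes the write capability the broad `/` mount handed out, so a reviewer should confirm nothing in the snitch still needs to write (for example to /etc/apparmor.d) before the rootfs mount is removed.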

I would like to work on this.

Utkar5hM avatar Apr 04 '24 20:04 Utkar5hM

Fixed in https://github.com/kubearmor/KubeArmor/pull/1658

DelusionalOptimist avatar Jun 25 '24 10:06 DelusionalOptimist

@Utkar5hM please check out issues with the "good first issue" or "help wanted" label and let us know so that we can assign. Thanks : )

DelusionalOptimist avatar Jun 25 '24 10:06 DelusionalOptimist