Vishnu Soman

@nyrahul we have updated all these policies before creating the v0.1.3 release. These PRs were merged into a single PR with appropriate modifications to make the release of v0.1.3. Sorry...

> @vishnusomank Please rebase onto latest dev. updated @Vyom-Yadav

@nyrahul The SA directories were selected based on the comment by @wazir-ahmed ``` The actual path k8s injects the SA is /var/run (Ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#serviceaccount-admission-controller) Ideally, applications should only access the...

Rather than asking the user to set automount to false, If we recommend a KubeArmor policy to deny/allow access to the serviceaccount based on runtime data (current scenario) will be...

@wazir-ahmed yes it is generated by `recommend.createRuntimePolicy()` @nyrahul asked to update the logic to show a deny `serviceaccount` policy if no process is accessing it

> > The only addition I see in what you're saying is.. To also recommend a list of deployments which requires automountServiceAccountToken: false. > > Right! Not mounting at all...