You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
kubectl exec -ti $(kubectl get pod -l app=nginx -o name) -- bash
Expected behavior
Permission denied for bash or at least more clear documentation for how k8s exec commands and apparmor profiles are inter-related. Scrolling though code, I couldn't easily find what's happening either.
Generated apparmor profile looks as follows /etc/apparmor.d/kubearmor-default-nginx-nginx
And this same profile if applied without kubearmor does prevent bash or anything other than nginx/sleep from running which makes sense, moreover it prevents nginx from running because of missing some other permissions. Is kubearmor somewhat different in that regard? Maybe someone can at least point to the code where this logic that skips enforcement of commands lives.
The text was updated successfully, but these errors were encountered:
Bug Report
General Information
kind k8s
To Reproduce
Expected behavior
Permission denied for bash or at least more clear documentation for how k8s exec commands and apparmor profiles are inter-related. Scrolling though code, I couldn't easily find what's happening either.
Generated apparmor profile looks as follows
/etc/apparmor.d/kubearmor-default-nginx-nginx
And this same profile if applied without kubearmor does prevent bash or anything other than nginx/sleep from running which makes sense, moreover it prevents nginx from running because of missing some other permissions. Is kubearmor somewhat different in that regard? Maybe someone can at least point to the code where this logic that skips enforcement of commands lives.
The text was updated successfully, but these errors were encountered: