You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should consider designing an AppArmor profile to be assigned to Capsule when installed.
Being a sensitive component in the cluster, this should be a good security improvement.
What would the new user story look like?
Prerequisites for this feature are that AppArmor must be already installed on the cluster machines.
The AppArmor profile must be deployed inside the cluster machines (before the Capsule installation)
CapsuleDeployment will need the following annotation: container.apparmor.security.beta.kubernetes.io/capsule: capsule.clastix.io
All the magic happens in the background
Expected behavior
The Capsule container will work as expected, but this will have a limited surface in case an attacker will be able to exploit it.
The text was updated successfully, but these errors were encountered:
@alegrey91 although this feature request is in the backlog, please, share your interest in continuing working on this, otherwise, it could be taken by anyone else.
@prometherion Sorry for the late reply. Unfortunately I'll not be able to work on this issue in the next weeks. I'll free the issue for other contributors.
Describe the feature
We should consider designing an AppArmor profile to be assigned to Capsule when installed.
Being a sensitive component in the cluster, this should be a good security improvement.
What would the new user story look like?
Deployment
will need the following annotation:container.apparmor.security.beta.kubernetes.io/capsule: capsule.clastix.io
Expected behavior
The Capsule container will work as expected, but this will have a limited surface in case an attacker will be able to exploit it.
The text was updated successfully, but these errors were encountered: