Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mount procfs instead of using hostpid #1688

Open
daemon1024 opened this issue Mar 14, 2024 · 3 comments · May be fixed by #1833 or #1831
Open

mount procfs instead of using hostpid #1688

daemon1024 opened this issue Mar 14, 2024 · 3 comments · May be fixed by #1833 or #1831
Assignees
@yp969803
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@daemon1024
Copy link
Member

Feature Request

KubeArmor needs access to host's procfs to stich container and real time process information we get from eBPF.

Is your feature request related to a problem? Please describe the use case.

Sharing pid ns with host is more risky than just accessing procfs.

Describe the solution you'd like

  • We can mount and set procfs to readonly maybe alleviating a lot of risks involded with mounting procfs
  • Add configuration in KubeArmor to support custom path prefix for procfs

Related #1186
@daemon1024 daemon1024 added enhancement New feature or request help wanted Extra attention is needed labels Mar 14, 2024
@yp969803
Copy link

yp969803 commented Aug 7, 2024

@daemon1024 is the issue open to work?

@daemon1024
Copy link
Member Author

Yes @yp969803

@yp969803
Copy link

yp969803 commented Aug 9, 2024

/assign

yp969803 added a commit to yp969803/KubeArmor that referenced this issue Aug 11, 2024
@yp969803
feat: mount procfs instead of using hostpid (kubearmor#1688)
713c5a5 
Signed-off-by: Yash Patel <[email protected]>
@yp969803 yp969803 linked a pull request Aug 11, 2024 that will close this issue
Open
7 tasks
@daemon1024 daemon1024 linked a pull request Oct 15, 2024 that will close this issue
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yp969803 yp969803

Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
v1.4.0 Release
Status: Triage
Milestone
No milestone
2 participants
@daemon1024 @yp969803