Closed shivaccuknox closed 7 hours ago
When the preventExecutionFromTempOrLogsFolders intent is applied, I am unable to view the tmp folder:
~ # ls /tmp/ ls: can't open '/tmp/': Permission denied ~ # cp wget /tmp/ cp: can't stat 'wget': No such file or directory ~ # cp /bin/wget /tmp/ cp: can't create '/tmp/wget': Permission denied
This is due the fact that the kubearmor policy generated is a file policy, not a process policy.
Once the kubearmor policy is changed to a process policy:
/ # ls /tmp/ / # cp /bin/wget /tmp/
/ # /tmp/wget www.google.com sh: /tmp/wget: Permission denied
When the preventExecutionFromTempOrLogsFolders intent is applied, I am unable to view the tmp folder:
~ # ls /tmp/ ls: can't open '/tmp/': Permission denied ~ # cp wget /tmp/ cp: can't stat 'wget': No such file or directory ~ # cp /bin/wget /tmp/ cp: can't create '/tmp/wget': Permission denied
This is due the fact that the kubearmor policy generated is a file policy, not a process policy.
Once the kubearmor policy is changed to a process policy:
/ # ls /tmp/ / # cp /bin/wget /tmp/
/ # /tmp/wget www.google.com sh: /tmp/wget: Permission denied