-
#### What happened:
After concluding some seccomp `ProfileRecording`s, two of the profiles failed to install; one has an empty status and the other is stuck in `Terminating`:
```
$ k get sp -A …
```
-
When Kubernetes Pod Security Standards are implemented as Kyverno policies on a k8s cluster, rbac-manager shows a failed policy in the PolicyReport as follows:
- category: Pod Security Standards (Restricted)
…
-
I think we need to rework the approach towards seccomp because the stub workaround I came up with earlier this year in opencontainers/runc#2750 seems to not be doing a great job of solving the problem (may…
-
Docker now has the ability to set seccomp profiles on a container (https://github.com/docker/docker/pull/17989),
however, writing a custom profile can be tedious, and leads to a lot
of repetition if…
-
**Is your feature request related to a problem? Please describe**.
Improve zero day exploit protections for containers running untrusted code
**Describe the solution you'd like**.
Ability t…
-
My use case:
1. Collect seccomp profiles using SPO
2. Put these profiles as json files in Gitlab project
3. In Gitlab CI/CD pipeline push profiles as OCI artifacts to Gitlab registry
4. Specify r…
-
Both the default apparmor and seccomp profiles contain restrictions for **mount**. While seccomp allows it for CAP_SYS_ADMIN, apparmor blocks it altogether: https://github.com/moby/moby/blob/2eb…
-
## Cilium Feature Proposal
`cilium-connectivity test` is spinning up some pods to test all sorts of egress/ingress communication paths within the cluster. But having a `gateKeeper` in place, pods no…
-
Hi,
Currently, there is no way to update security profiles loaded into containers. We can only specify security profiles for seccomp/apparmor/SELinux during `docker run` using `--security-opt `. Bu…
-
Enable seccomp profiles by default to restrict syscalls. See [Kubernetes documentation](https://kubernetes.io/docs/tutorials/security/seccomp/).
This will be added as a new kubelet parameter in custo…