Closed JWT95 closed 1 year ago
Thanks for opening your first issue here! Be sure to follow the issue template!
Why not both? 🙂 If you are interested in contributing, we would be happy to accept this change.
EDIT: Actually, since unconfined
runs apparmor with no security profile, I think we want to discourage this. We should introduce an override label.
ISSUE TYPE
FEATURE IDEA
Proposal: At current kubeaudit does not support annotations of the form:
container.apparmor.security.beta.kubernetes.io/<container>: unconfined
. It errors with:Message: AppArmor is disabled
. This can't be overriden because kubeaudit doesn't support apparmor override errors.But the
unconfined
profile is supported by k8s and may be used for containers that need access to/proc
but can't uselocalhost
profiles.kubeaudit should either support the
unconfined
profile or allow overrides for apparmor. I think the same applies for seccomp.