Open alen-caljuksic opened 1 year ago
hi, thank you for creating an issue. Can you elaborate a little bit? In the linked scenario, if security_context does not have the read_only_root_filesystem attribute, it gets added to the list of offenders. Is there a different check that you are looking for?
Hi @dorukozturk

What if the container doesn't have this parameter?

```yaml
securityContext:
  readOnlyRootFilesystem: true
```

I can see that it is not added to the offender list, which is wrong. CMIIW.
Maybe this is what @alen-caljuksic meant: a pod should be added to the offender list when container.security_context is not defined.
It works fine when I have this parameter:

```yaml
securityContext:
  readOnlyRootFilesystem: false
```
It seems to me a pod should be added to the offender list when container.security_context is not defined: https://github.com/aws-samples/hardeneks/blob/main/hardeneks/namespace_based/security/pod_security.py#L146
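The gap the thread describes, as an added illustration that is not hardeneks's own code: a check that only inspects `read_only_root_filesystem` when a `security_context` object exists never sees containers that omit `securityContext` entirely, even though their root filesystem is just as writable. The container objects below are constructed stand-ins for the kubernetes-client `V1Container`/`V1SecurityContext` shapes, and the "before" function is a hypothetical reconstruction of the reported behaviour, not the project's line 146.

```python
# Added illustration (not hardeneks's own code): the readOnlyRootFilesystem
# check discussed in this issue, before and after treating a missing
# securityContext as a finding. Objects are constructed stand-ins whose
# attribute names follow the kubernetes-client models.
from types import SimpleNamespace


def make_container(name, security_context=None):
    # Stand-in for V1Container; security_context is None when the pod spec
    # omits securityContext entirely (the case raised in the thread).
    return SimpleNamespace(name=name, security_context=security_context)


def make_security_context(read_only_root_filesystem=None):
    # Stand-in for V1SecurityContext; None models a securityContext block
    # that exists but does not set readOnlyRootFilesystem.
    return SimpleNamespace(read_only_root_filesystem=read_only_root_filesystem)


def offenders_before(containers):
    """Hypothetical reconstruction of the reported behaviour: a container
    with no securityContext is skipped, so it never becomes an offender."""
    return [
        c.name
        for c in containers
        if c.security_context and not c.security_context.read_only_root_filesystem
    ]


def offenders_after(containers):
    """Corrected check: a missing securityContext is treated like
    readOnlyRootFilesystem: false, because the root filesystem is writable
    in both cases."""
    return [
        c.name
        for c in containers
        if c.security_context is None
        or not c.security_context.read_only_root_filesystem
    ]


# Constructed sample covering every case mentioned in the thread.
SAMPLE = [
    make_container("no-security-context"),
    make_container("field-omitted", make_security_context()),
    make_container("explicit-false", make_security_context(False)),
    make_container("explicit-true", make_security_context(True)),
]

if __name__ == "__main__":
    print("before:", offenders_before(SAMPLE))
    print("after: ", offenders_after(SAMPLE))
```

Only `offenders_after` reports `no-security-context`; both versions already catch a block that sets the field to false or leaves it unset.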