win-sshproxy binay was blocked by CloudStrike during version 5.2.0~5.2.5

[specter119]

Issue Description

win-sshproxy binay was blocked by CloudStrike during version 5.2.0~5.2.5

Steps to reproduce the issue

Steps to reproduce the issue

1. install CloudStrike
2. setup podman default machine for windows
3. podman machine start

Describe the results you received

Starting machine "podman-machine-default"

This machine is currently configured in rootless mode. If your containers require root permissions (e.g. ports < 1024), or if you run into compatibility issues with non-podman clients, you can switch using the following command:

    podman machine set --rootful

API forwarding for Docker API clients is not available due to the following startup failures. fork/exec \podman\5.2.5\usr\bin\win-sshproxy.exe: Access is denied.

Podman clients are still able to connect.

Describe the results you expected

Starting machine "podman-machine-default"

This machine is currently configured in rootless mode. If your containers require root permissions (e.g. ports < 1024), or if you run into compatibility issues with non-podman clients, you can switch using the following command:

    podman machine set --rootful

API forwarding listening on: npipe:////./pipe/docker_engine

Docker API clients default to this address. You do not need to set DOCKER_HOST. Machine "podman-machine-default" started successfully

podman info output

host: arch: amd64 buildahVersion: 1.37.3 cgroupControllers: [] cgroupManager: cgroupfs cgroupVersion: v1 conmon: package: conmon-2.1.12-2.fc40.x86_64 path: /usr/bin/conmon version: 'conmon version 2.1.12, commit: ' cpuUtilization: idlePercent: 95.87 systemPercent: 1.25 userPercent: 2.89 cpus: 8 databaseBackend: sqlite distribution: distribution: fedora variant: container version: "40" eventLogger: journald freeLocks: 2046 hostname: ZHADSCOE03-W10 idMappings: gidmap:

• container_id: 0 host_id: 1000 size: 1
• container_id: 1 host_id: 524288 size: 65536 uidmap:
• container_id: 0 host_id: 1000 size: 1
• container_id: 1 host_id: 524288 size: 65536 kernel: 5.15.146.1-microsoft-standard-WSL2 linkmode: dynamic logDriver: journald memFree: 83502100480 memTotal: 84343291904 networkBackend: netavark networkBackendInfo: backend: netavark dns: package: aardvark-dns-1.12.2-2.fc40.x86_64 path: /usr/libexec/podman/aardvark-dns version: aardvark-dns 1.12.2 package: netavark-1.12.2-1.fc40.x86_64 path: /usr/libexec/podman/netavark version: netavark 1.12.2 ociRuntime: name: crun package: crun-1.17-1.fc40.x86_64 path: /usr/bin/crun version: |- crun version 1.17 commit: 000fa0d4eeed8938301f3bcf8206405315bc1017 rundir: /run/user/1000/crun spec: 1.0.0 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL os: linux pasta: executable: /usr/bin/pasta package: passt-0^20240906.g6b38f07-1.fc40.x86_64 version: | pasta 0^20240906.g6b38f07-1.fc40.x86_64 Copyright Red Hat GNU General Public License, version 2 or later https://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. remoteSocket: exists: true path: /run/user/1000/podman/podman.sock rootlessNetworkCmd: pasta security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: false serviceIsRemote: true slirp4netns: executable: "" package: "" version: "" swapFree: 21474836480 swapTotal: 21474836480 uptime: 0h 34m 54.00s variant: "" plugins: authorization: null log:
  • k8s-file
  • none
  • passthrough
  • journald network:
  • bridge
  • macvlan
  • ipvlan volume:
  • local registries: docker.io: Blocked: false Insecure: false Location: docker.io MirrorByDigestOnly: false Mirrors:
• Insecure: false Location: artifact-docker-v2-repository-virtual-external.digital.oocl.com PullFromMirror: "" Prefix: docker.io PullFromMirror: "" search:
  • docker.io store: configFile: /home/user/.config/containers/storage.conf containerStore: number: 0 paused: 0 running: 0 stopped: 0 graphDriverName: overlay graphOptions: {} graphRoot: /home/user/.local/share/containers/storage graphRootAllocated: 1081101176832 graphRootUsed: 50281512960 graphStatus: Backing Filesystem: extfs Native Overlay Diff: "true" Supports d_type: "true" Supports shifting: "false" Supports volatile: "true" Using metacopy: "false" imageCopyTmpDir: /var/tmp imageStore: number: 6 runRoot: /run/user/1000/containers transientStore: false volumePath: /home/user/.local/share/containers/storage/volumes version: APIVersion: 5.2.3 Built: 1727136000 BuiltTime: Tue Sep 24 08:00:00 2024 GitCommit: "" GoVersion: go1.22.7 Os: linux OsArch: linux/amd64 Version: 5.2.3

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

No response

[Luap99]

It is not clear what you are expecting from us to do about that? Ask the security vendor why this is flagged, it doesn't seem to be flagged by others and I am not aware of any problems with it from users