elastic / beats-docker

Official Beats Docker images

Add volume stanza to document where filebeat expects write access #61

Closed GauntletWizard closed 5 years ago

GauntletWizard commented 5 years ago

Does this PR include tests? Yes

Hi, I'm Ted Hahn and I'm working on the Kubernetes team at Nordstrom. We're trying to implement Pod Security Policies (PSP) org-wide, and your container image is used by some of our teams.

I'm trying to remedy the following attributes:

Writes to / are not permitted to prevent attackers from overwriting binaries or modules that might be dynamically loaded or otherwise executed. This is the equivalent of running the docker image with the --read-only flag.

Explicitly listing writable Volumes serves as documentation for which mount points are used by the container. Docker will default to mounting a temporary volume at these locations if no other mount is given (enabling the container to still be run even with the --read-only flag).
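The reasoning in the PR description above, turned into a check (an added example, not code from this PR or from the beats-docker repository): it parses a Dockerfile's `VOLUME` instructions and reports the write paths that no declared volume covers, which are the writes a read-only root filesystem would reject. The Dockerfile, its paths and the list of write paths are constructed placeholders, and the function names are hypothetical.

```python
import json
import posixpath
import shlex

# Constructed sample; paths are placeholders, not the image's real layout.
SAMPLE_DOCKERFILE = """\
FROM example/base:1.0
VOLUME ["/opt/example-beat/data"]
VOLUME /opt/example-beat/logs \\
       /tmp
USER 1000
"""
# Constructed list of paths the process is assumed to write at run time.
SAMPLE_WRITES = [
    "/opt/example-beat/data/registry",
    "/opt/example-beat/logs/beat.log",
    "/tmp/beat.sock",
    "/opt/example-beat/modules.d/extra.yml",
    "/opt/example-beat/database",  # shares a string prefix with .../data only
]

def declared_volumes(dockerfile_text):
    """Return the set of mount points named by VOLUME instructions."""
    volumes = set()
    # Join backslash line continuations into one logical line.
    logical = dockerfile_text.replace("\\\n", " ")
    for line in logical.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].upper() != "VOLUME":
            continue
        arg = parts[1].strip()
        if arg.startswith("["):
            paths = json.loads(arg)   # JSON form: VOLUME ["/a", "/b"]
        else:
            paths = shlex.split(arg)  # plain form: VOLUME /a /b
        volumes.update(posixpath.normpath(p) for p in paths)
    return volumes

def uncovered_writes(dockerfile_text, write_paths):
    """Write paths under no declared volume (rejected by a read-only root
    unless the operator mounts something there explicitly)."""
    vols = declared_volumes(dockerfile_text)
    missing = []
    for path in map(posixpath.normpath, write_paths):
        # Match on whole path components, not on raw string prefixes.
        if not any(path == v or path.startswith(v.rstrip("/") + "/") for v in vols):
            missing.append(path)
    return missing
```

Run against an image's real Dockerfile and an observed list of write paths, an empty result means the declared volumes fully document where the container writes.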

kvch commented 5 years ago

I am closing this PR as this repository is going to be archived. Please open your PR in https://github.com/elastic/beats