danmx
commented
4 years ago /kind documentation
Closed danmx closed 10 months ago
danmx
commented
4 years ago /kind documentation
danmx
commented
4 years ago What I got so far is:
debugfs in the host: mount -t debugfs nodev /sys/kernel/debug (https://github.com/falcosecurity/falco/issues/1071#issuecomment-599412372)/sys/kernel/debug as read-only in the container
fntlnz
commented
4 years ago I agree that this will be a very important piece of our documentation once it’s done.
Moreover, I think we can be even more granular than the single capabilities by listing the specific privileged syscalls that falco needs to do, like the bpf syscall.
Good idea @danmx - this can help a lot and can open a lot of opportunities to help harden falco and its deployments
leodido
commented
4 years ago Hey @danmx I strongly approve this idea! Would be raaad
Anyways, in issue falcosecurity/falco#628 you could find some insights :)
leodido
commented
4 years ago Also, I think this is a high priority task because it could clarify a lot of concerns about the security of a security tool :)
/priority high
stale[bot]
commented
4 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. Issues labeled "cncf", "roadmap" and "help wanted" will not be automatically closed. Please refer to a maintainer to get such label added if you think this should be kept open.
leodido
commented
4 years ago Recently, we updated the docs about this matter.
fntlnz
commented
4 years ago Should we close?
danmx
commented
4 years ago It would be great if you could narrow the capabilities instead going for --privileged. Not many people will use kernels >= 5.8 any time soon.
stale[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. Issues labeled "cncf", "roadmap" and "help wanted" will not be automatically closed. Please refer to a maintainer to get such label added if you think this should be kept open.
leogr
commented
3 years ago /help
poiana
commented
3 years ago @leogr: This request has been marked as needing help from a contributor.
Please ensure the request meets the requirements listed here.
If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.
poiana
commented
3 years ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
poiana
commented
3 years ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
poiana
commented
3 years ago Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://github.com/falcosecurity/community. /close
poiana
commented
3 years ago @poiana: Closing this issue.
ylmig
commented
2 years ago It would be great if you could narrow the capabilities instead going for
--privileged. Not many people will use kernels>= 5.8any time soon.
Is there any progress on that? We would need that as well and we don't want to use --privileged if there are alternatives to narrow down the capabilities
leogr
commented
2 years ago /reopen
poiana
commented
2 years ago @leogr: Reopened this issue.
poiana
commented
2 years ago Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://github.com/falcosecurity/community. /close
poiana
commented
2 years ago @poiana: Closing this issue.
jasondellaluce
commented
2 years ago /remove-lifecycle rotten /reopen
poiana
commented
2 years ago @jasondellaluce: Reopened this issue.
poiana
commented
2 years ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
leogr
commented
2 years ago /remove-lifecycle stale
poiana
commented
1 year ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
poiana
commented
1 year ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
leogr
commented
1 year ago /remove-lifecycle rotten
leogr
commented
1 year ago /milestone 1.0.0
poiana
commented
1 year ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
leogr
commented
1 year ago /remove-lifecycle stale
/cc @FedeDP @Andreagit97
poiana
commented
1 year ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
leogr
commented
1 year ago /remove-lifecycle stale cc @vjjmiras @therealbobo
poiana
commented
1 year ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
poiana
commented
11 months ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
Andreagit97
commented
11 months ago What do we miss here? Now the documentation should provide all the info for our drivers: https://falco.org/docs/event-sources/kernel/#requirements
leogr
commented
11 months ago I believe this has been addressed. Moving the discussion to falco-website for a double check.
cc @aijamalnk @vjjmiras @Issif
poiana
commented
10 months ago Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://github.com/falcosecurity/community. /close
poiana
commented
10 months ago @poiana: Closing this issue.
What to document
Falco is touching critical parts of the operating system. It would be extremely useful to have a list of system dependencies like:
for:
So we could create least privileged Falco deployments.