Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
mount procfs instead of using hostpid #1688
Open
daemon1024 opened 6 months ago
Feature Request
KubeArmor needs access to the host's procfs to stitch container and real-time process information we get from eBPF.
Is your feature request related to a problem? Please describe the use case.
Sharing pid ns with host is more risky than just accessing procfs.
Describe the solution you'd like
Related #1186
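The two settings this issue contrasts, as an added illustration rather than KubeArmor's own manifest: the pod names, image and the `/host/proc` mount path are hypothetical, and an agent using the second form is assumed to read process data from the mounted path instead of `/proc`.

```yaml
# Current approach described in the issue: the pod joins the host PID namespace.
# The container's own /proc then lists every host process, and those host PIDs
# are directly addressable from inside the container.
apiVersion: v1
kind: Pod
metadata:
  name: agent-hostpid            # hypothetical name
spec:
  hostPID: true                  # shares the host's PID namespace
  containers:
    - name: agent
      image: example.invalid/agent:placeholder   # placeholder image
---
# Requested approach: keep a private PID namespace and expose only the host's
# procfs as a read-only hostPath mount. A procfs instance stays bound to the
# PID namespace it was mounted in, so /host/proc still shows host PIDs while
# the container's own /proc shows only its own processes.
apiVersion: v1
kind: Pod
metadata:
  name: agent-procfs             # hypothetical name
spec:
  hostPID: false                 # default, stated explicitly for contrast
  containers:
    - name: agent
      image: example.invalid/agent:placeholder   # placeholder image
      volumeMounts:
        - name: host-proc
          mountPath: /host/proc  # hypothetical path the agent would read
          readOnly: true
  volumes:
    - name: host-proc
      hostPath:
        path: /proc
        type: Directory
```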