mount procfs instead of using hostpid

daemon1024 commented 6 months ago

Feature Request

KubeArmor needs access to host's procfs to stich container and real time process information we get from eBPF.

Is your feature request related to a problem? Please describe the use case.

Sharing pid ns with host is more risky than just accessing procfs.

Describe the solution you'd like

We can mount and set procfs to readonly maybe alleviating a lot of risks involded with mounting procfs
Add configuration in KubeArmor to support custom path prefix for procfs

Related #1186

yp969803 commented 1 month ago

@daemon1024 is the issue open to work?

daemon1024 commented 1 month ago

Yes @yp969803

yp969803 commented 1 month ago

/assign