Open atilsensalduz opened 6 months ago
I just saw the following entry in the support matrix, but I'm not sure why the platform is Graviton instead of EKS.
Hey @atilsensalduz Currently only AppArmor-based enforcement will work on Ubuntu/Debian-based distros on Graviton. We verified that the latest kernel on Graviton for AL2 and Bottlerocket is kernel version 6.1, and that has a kernel issue with BPF LSM. The issue is resolved in kernel 6.4 but is still not available on AL2 and Bottlerocket. Ref - https://github.com/kubearmor/KubeArmor/issues/1084#issuecomment-1654207719
Here is the kernel patch that gets BPF LSM working on arm64/aarch64 for anyone who is interested.
Thank you for the detailed explanation, team. Should I proceed with closing the ticket, or would it be preferable to continue monitoring the progress of re-enabling Container Security for Graviton instances after the launch of kernel 6.4?
I've been experimenting with blocking file access, and upon reviewing the logs, I noticed that the outcome indicates "passed" with the action listed as "Action: Audit (Block)." However, upon further inspection using the karmor probe, I found that container security is marked as false. Additionally, upon consulting the support matrix, it appears that Amazon Linux 2 (kernel >=5.8) only supports the x86_64 architecture. Considering the escalating adoption of Graviton instances, could we explore incorporating container security capabilities for Graviton instances?