linux-application-whitelisting / fapolicyd

File Access Policy Daemon
GNU General Public License v3.0

issues running fapolicy on eks nodes #310

Open plutarcian opened 1 month ago

plutarcian commented 1 month ago

Hi, I am trying to run fapolicy on EKS nodes (for compliance). Following https://github.com/linux-application-whitelisting/fapolicyd/issues/180, I have it up and running and working.

However, for some reason, fapolicy is blocking k8s from pulling images without logging anything. I have tried running fapolicy with --debug-deny and even --debug, but I don't see any logs. However, unless I stop fapolicy, I can't get k8s to deploy anything.

Has anyone faced any issue like that?

Logs show something like: PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"344908691396.dkr.ecr.ap-southeast-2.amazonaws.com/e-recruit-build:develop_lucee\": failed to extract layer sha256:519abcb17676bcf41d770deedf143913f4a4aca3211f3793c8469b70ee9ac91a: open /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/453/fs/opt/reactapp/node_modules/@babel/traverse/lib/path/modification.js: operation not permitted

There is no entry that tells what's blocked. Any ideas?

Edit: By no logs, I mean to say no log that shows a deny. All logs basically allow everything, yet I get an operation not permitted error.

radosroka commented 1 month ago

What about setting permissive=true?