Design an AppArmor security profile #549

Open
alegrey91 opened this issue Apr 21, 2022 · 2 comments
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@alegrey91
Contributor

Describe the feature

We should consider designing an AppArmor profile to be assigned to Capsule when installed.
Being a sensitive component in the cluster, this should be a good security improvement.

What would the new user story look like?

  1. Prerequisites for this feature are that AppArmor must be already installed on the cluster machines.
  2. The AppArmor profile must be deployed inside the cluster machines (before the Capsule installation)
  3. Capsule Deployment will need the following annotation: container.apparmor.security.beta.kubernetes.io/capsule: capsule.clastix.io
  4. All the magic happens in the background

Expected behavior

The Capsule container will work as expected, but this will have a limited surface in case an attacker is able to exploit it.

@alegrey91 alegrey91 added the blocked-needs-validation Issue need triage and validation label Apr 21, 2022
@prometherion prometherion added enhancement New feature or request and removed blocked-needs-validation Issue need triage and validation labels Apr 21, 2022
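
A node preflight for steps 1 and 2 of the user story above, added here as an example; it is not part of the issue or of Capsule's code. It assumes the profile is loaded under the name `capsule.clastix.io` (the value shown in the issue's annotation) and reads the standard AppArmor kernel interfaces; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Capsule project code): check a node before installing
# a workload that references an AppArmor profile.
# Defaults are the standard AppArmor kernel interfaces; override for testing.
ENABLED_FILE="${ENABLED_FILE:-/sys/module/apparmor/parameters/enabled}"
PROFILES_FILE="${PROFILES_FILE:-/sys/kernel/security/apparmor/profiles}"

# Step 1: the AppArmor LSM is active when the kernel parameter reads "Y".
apparmor_enabled() {
    [ -r "$ENABLED_FILE" ] && [ "$(cat "$ENABLED_FILE")" = "Y" ]
}

# Step 2: print the mode of a loaded profile.
# Each line of the profiles file has the form "<name> (<mode>)".
# Returns 1 if the profile is not loaded, 2 if the list is unreadable
# (reading it normally requires root).
profile_mode() {
    name="$1"
    [ -r "$PROFILES_FILE" ] || return 2
    while IFS= read -r line; do
        case "$line" in
            "$name ("*")")
                mode="${line##*\(}"      # strip everything up to "("
                printf '%s\n' "${mode%\)}"
                return 0 ;;
        esac
    done < "$PROFILES_FILE"
    return 1
}

# Returns 0 only when AppArmor is enabled and the profile is loaded in
# enforce mode. A profile in complain mode logs violations but does not
# block them, so it is reported as not ready.
node_ready_for_profile() {
    apparmor_enabled || { echo "AppArmor is not enabled" >&2; return 1; }
    mode="$(profile_mode "$1")" || { echo "profile $1 is not loaded" >&2; return 1; }
    [ "$mode" = "enforce" ] || { echo "profile $1 is in $mode mode" >&2; return 1; }
}

# Usage on a node, as root (profile name assumed from the issue's annotation):
#   node_ready_for_profile capsule.clastix.io && echo "node ready"
```
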
@prometherion
Member

@alegrey91 although this feature request is in the backlog, please share your interest in continuing to work on this; otherwise, it could be taken by anyone else.

@alegrey91
Contributor Author

@prometherion Sorry for the late reply. Unfortunately I'll not be able to work on this issue in the next weeks. I'll free the issue for other contributors.

@alegrey91 alegrey91 removed their assignment Aug 3, 2023
@prometherion prometherion added the good first issue Good for newcomers label Aug 28, 2023
2 participants