-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Design an AppArmor security profile #549
Labels
Comments
prometherion
added
enhancement
New feature or request
and removed
blocked-needs-validation
Issue need triage and validation
labels
Apr 21, 2022
@alegrey91 although this feature request is in the backlog, please, share your interest in continuing working on this, otherwise, it could be taken by anyone else. |
@prometherion Sorry for the late reply. Unfortunately I'll not be able to work on this issue in the next weeks. I'll free the issue for other contributors. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature
We should consider designing an AppArmor profile to be assigned to Capsule when installed.
Being a sensitive component in the cluster, this should be a good security improvement.
What would the new user story look like?
Deployment
will need the following annotation:container.apparmor.security.beta.kubernetes.io/capsule: capsule.clastix.io
Expected behavior
The Capsule container will work as expected, but this will have a limited surface in case an attacker will be able to exploit it.
The text was updated successfully, but these errors were encountered: