Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Support AppArmor profile unconfined #442

Closed
1 of 2 tasks
JWT95 opened this issue Jun 10, 2022 · 2 comments · Fixed by #489
Closed
1 of 2 tasks

Support AppArmor profile unconfined #442

JWT95 opened this issue Jun 10, 2022 · 2 comments · Fixed by #489
Labels
help wanted

Comments

@JWT95
Copy link

JWT95 commented Jun 10, 2022

ISSUE TYPE
  • Bug Report
  • Feature Idea

FEATURE IDEA

Proposal: At current kubeaudit does not support annotations of the form: container.apparmor.security.beta.kubernetes.io/<container>: unconfined. It errors with: Message: AppArmor is disabled. This can't be overriden because kubeaudit doesn't support apparmor override errors.

But the unconfined profile is supported by k8s and may be used for containers that need access to /proc but can't use localhost profiles.

kubeaudit should either support the unconfined profile or allow overrides for apparmor. I think the same applies for seccomp.
@ghost
Copy link

ghost commented Jun 10, 2022

Thanks for opening your first issue here! Be sure to follow the issue template!

@genevieveluyt
Copy link
Contributor

genevieveluyt commented Jun 10, 2022
edited
Loading

Why not both? 🙂 If you are interested in contributing, we would be happy to accept this change.

EDIT: Actually, since unconfined runs apparmor with no security profile, I think we want to discourage this. We should introduce an override label.

@Ser87ch Ser87ch mentioned this issue Oct 8, 2022
Merged
7 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add override for unconfined apparmor profile ✨ Ser87ch/kubeaudit
2 participants
@genevieveluyt @JWT95