Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-5806

RHACS: Seccomp profile check criteria

XMLWordPrintable

    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      USER PROBLEM
      The customer wants to integrate seccomp profiles and control with ACS policy which deployment or container doesn't have seccomp profile.

      Reproduce: 

      Firstly, you should copy the attached JSON to /var/lib/kubelet/seccomp/ directory. (If you have 1 or more node, you should copy this json to all nodes related directory.

      Then you should run a pod. You can use the attached pod.YAML file. Then, let's create acs policy, You can create a policy like the attached acs1.jpg screenshot.

      According to this policy, I expect the ACS show violation which doesn't have any seccomp policy. But It cannot show.

      However, when you create a policy like acs2.jpg screenshot, ACS shows the containers which have a seccomp profile.

       

       

        1. screenshot-1.png
          screenshot-1.png
          72 kB
        2. pod2.yaml
          0.3 kB
        3. pod.yaml
          0.4 kB
        4. allseccomp.json
          0.0 kB
        5. acs2.jpg
          acs2.jpg
          16 kB
        6. acs1.jpg
          acs1.jpg
          17 kB

              bmichael@redhat.com Boaz Michaely
              eozkan@redhat.com Emre Ozkan
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved:
                None
                None