  1. OpenShift Request For Enhancement
  2. RFE-5806

RHACS: Seccomp profile check criteria

    • Rox Sprint 74B - Global, Rox Sprint 74C - Global, Rox Sprint 4.0A - Global, Rox Sprint 74D - Global, Rox Sprint 4.0B - Global

      USER PROBLEM
      The customer wants to integrate seccomp profiles and use an ACS policy to control which deployments or containers don't have a seccomp profile.

      Reproduce: 

      Firstly, you should copy the attached JSON to the /var/lib/kubelet/seccomp/ directory. (If you have 1 or more nodes, you should copy this JSON to the same directory on all nodes.)

      Then you should run a pod. You can use the attached pod.yaml file. Then, let's create an ACS policy. You can create a policy like the one in the attached acs1.jpg screenshot.

      According to this policy, I expect ACS to show a violation for anything which doesn't have any seccomp policy. But it cannot show it.

      However, when you create a policy like the one in the acs2.jpg screenshot, ACS shows the containers which have a seccomp profile.

        1. allseccomp.json (0.0 kB)
        2. pod.yaml (0.4 kB)
        3. acs1.jpg (17 kB)
        4. acs2.jpg (16 kB)
        5. screenshot-1.png (72 kB)
        6. pod2.yaml (0.3 kB)

            bmichael@redhat.com Boaz Michaely
            eozkan@redhat.com Emre Ozkan (Inactive)
            Anjali Telang, Boaz Michaely, Doron Caspin, JP Jung, Maria Simon Marcos, Shubha Badve
            ACS Core Workflows
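
An added example (not from the issue, its attachments, or RHACS) of the check the report asks for: listing containers whose declared seccomp profile is missing or `Unconfined`, with a container-level `seccompProfile` overriding the pod-level one. The pod list is constructed in the shape of `kubectl get pods -o json` output, and the pod that references the attached profile as `allseccomp.json` is an assumption, as are all function names.

```python
# Added example: audit the *declared* seccomp profile of every container.
# SAMPLE is constructed data, shaped like `kubectl get pods -o json` output;
# it is not the pod.yaml or pod2.yaml attached to the issue.
SAMPLE = {"items": [
    {"metadata": {"namespace": "demo", "name": "with-profile"},
     "spec": {"securityContext": {"seccompProfile": {
                  "type": "Localhost", "localhostProfile": "allseccomp.json"}},
              "containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "demo", "name": "no-profile"},
     "spec": {"initContainers": [{"name": "init", "securityContext": {
                  "seccompProfile": {"type": "RuntimeDefault"}}}],
              "containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "demo", "name": "override"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "web"},
                             {"name": "debug", "securityContext": {
                                 "seccompProfile": {"type": "Unconfined"}}}]}},
]}

def effective_profile(pod_spec, container):
    """Return the seccompProfile that applies: container level wins over pod level."""
    for ctx in (container.get("securityContext"), pod_spec.get("securityContext")):
        profile = (ctx or {}).get("seccompProfile")
        if profile:
            return profile
    return None

def classify(profile):
    """Map a seccompProfile object to a short status string."""
    if not profile or not profile.get("type"):
        return "missing"
    if profile["type"] == "Localhost":
        return "Localhost:" + profile.get("localhostProfile", "")
    return profile["type"]  # RuntimeDefault or Unconfined

def audit(pod_list):
    """Yield (namespace, pod, container, status) for every container kind."""
    rows = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(kind) or []:
                rows.append((meta.get("namespace", "default"), meta.get("name"),
                             c["name"], classify(effective_profile(spec, c))))
    return rows

def violations(pod_list):
    """Containers with no profile at all, or one explicitly set to Unconfined."""
    return [r for r in audit(pod_list) if r[3] in ("missing", "Unconfined")]

if __name__ == "__main__":
    for row in violations(SAMPLE):
        print("%s/%s container=%s seccomp=%s" % row)
```

The audit reads only what the pod spec declares; it does not observe what the container runtime actually applied on the node.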