  1. OpenShift Request For Enhancement
  2. RFE-5806

RHACS: Seccomp profile check criteria

    • Rox Sprint 74B - Global, Rox Sprint 74C - Global, Rox Sprint 4.0A - Global, Rox Sprint 74D - Global, Rox Sprint 4.0B - Global

      USER PROBLEM
      The customer wants to integrate seccomp profiles and use an ACS policy to check which deployments or containers don't have a seccomp profile.

      Reproduce: 

      First, copy the attached JSON to the /var/lib/kubelet/seccomp/ directory. (If you have 1 or more nodes, copy this JSON to the corresponding directory on all nodes.)

      Then run a pod. You can use the attached pod.yaml file. Then create an ACS policy. You can create a policy like the one in the attached acs1.jpg screenshot.

      According to this policy, I expect ACS to show a violation for anything which doesn't have any seccomp policy. But it cannot show one.

      However, when you create a policy like the one in the acs2.jpg screenshot, ACS shows the containers which have a seccomp profile.
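
An added example (not part of the original ticket and not RHACS code): a stand-alone Python check that lists containers with no seccomp profile in effect, the condition the acs1.jpg policy is expected to flag. The manifests are constructed samples, and using `allseccomp.json` as the `localhostProfile` value is an assumption, since the contents of the attached pod.yaml are not shown on the page.

```python
import json

def pod_spec(obj):
    """Return the pod spec of a Pod, or the pod template spec of a workload."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def seccomp_type(ctx):
    """Return securityContext.seccompProfile.type, or None when it is not set."""
    profile = (ctx or {}).get("seccompProfile") or {}
    return profile.get("type")

def containers_without_seccomp(obj):
    """List (container name, reason) pairs that have no seccomp profile in effect."""
    spec = pod_spec(obj)
    pod_level = seccomp_type(spec.get("securityContext"))
    findings = []
    for key in ("initContainers", "containers"):
        for c in spec.get(key) or []:
            # A container-level profile overrides the pod-level one.
            effective = seccomp_type(c.get("securityContext")) or pod_level
            if effective is None:
                findings.append((c["name"], "unset"))
            elif effective == "Unconfined":
                findings.append((c["name"], "Unconfined"))
    return findings

# Constructed sample manifests (names and images are hypothetical).
SAMPLES = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "with-profile"},
  "spec": {"securityContext": {"seccompProfile":
             {"type": "Localhost", "localhostProfile": "allseccomp.json"}},
           "containers": [{"name": "app", "image": "example/app"}]}},
 {"kind": "Pod", "metadata": {"name": "no-profile"},
  "spec": {"containers": [{"name": "app", "image": "example/app"}]}},
 {"kind": "Deployment", "metadata": {"name": "mixed"},
  "spec": {"template": {"spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "web", "image": "example/web"},
                   {"name": "debug", "image": "example/debug",
                    "securityContext": {"seccompProfile": {"type": "Unconfined"}}}]}}}}
]""")

def report(objects):
    """Map each object name to its list of findings (empty list means covered)."""
    return {o["metadata"]["name"]: containers_without_seccomp(o) for o in objects}

if __name__ == "__main__":
    for name, findings in report(SAMPLES).items():
        print(name, findings or "ok")
```
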

       

       

        1. acs1.jpg (17 kB, Emre Ozkan)
        2. acs2.jpg (16 kB, Emre Ozkan)
        3. allseccomp.json (0.0 kB, Emre Ozkan)
        4. pod.yaml (0.4 kB, Emre Ozkan)
        5. pod2.yaml (0.3 kB, Emre Ozkan)
        6. screenshot-1.png (72 kB, Mandar Darwatkar)

            bmichael@redhat.com Boaz Michaely
            eozkan@redhat.com Emre Ozkan (Inactive)
            Anjali Telang, Boaz Michaely, Doron Caspin, JP Jung, Maria Simon Marcos, Shubha Badve
            ACS Core Workflows