A series of feature requirements concerned with namespaces #2612
Comments
|
Same as #2613, this is an interesting feature and we will try to understand how much effort it will require! Thank you for sharing the knowledge! |
|
Hello @MagpieRYL, thank you for this issue. I had a similar idea in the past, but I stopped trying to implement it because of the issue you mentioned above (that is, cannot use equality between two fields). Since the security use case is relevant, I really think we can try to understand how to implement this! |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/remove-lifecycle stale |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/remove-lifecycle stale |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/remove-lifecycle stale |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/remove-lifecycle stale |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
|
Rotten issues close after 30d of inactivity. Reopen the issue with Mark the issue as fresh with Provide feedback via https://github.com/falcosecurity/community. |
|
@poiana: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Motivation
Intrusion detection in container-based cloud native environment may need observation on namespaces.
In our practise on container escaping detection, we are facing the demands:
setnssyscall.ptraceinto a process on host's namespacenamespace's change when it was breaking 👆 ?Feature
fdfield of thesetnssyscallnamespaceinfo of the targetpidprocess inptracesyscall: raw value and type, including(mnt, net, pid, ipc, cgroup, etc.)namespace: raw value and type, including(mnt, net, pid, ipc, cgroup, etc.)namespace(like systemd's ns): raw value and type, including(mnt, net, pid, ipc, cgroup, etc.)with these feature above, we can detect the namespace breaking (like utilizing setns/ptrace) by this feature: #2484
The text was updated successfully, but these errors were encountered: