Harden the bpf-recorder container with a custom seccomp profile #2626

Merged
merged 2 commits into from
Dec 16, 2024

@ccojocar ccojocar commented Dec 16, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

This adds a custom seccomp profile for the bpf-recorder container, which runs in privileged mode. This is the first step to harden this container.

Which issue(s) this PR fixes:

None

Does this PR have tests?

Yes

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Harden the bpf-recorder container with a custom seccomp profile.

cc @mhils

Harden the bpf-recorder container with a custom seccomp profile since it is
running in privileged mode.

Change-Id: I5ff3baea53349f1907b2f3ee7610b07df8c54c49
Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: Ifdf320dee2998bedc5293040336803a8b663e3b2
Signed-off-by: Cosmin Cojocar <[email protected]>
@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. release-note Denotes a PR that will be considered when it comes time to generate release notes. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 16, 2024
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Dec 16, 2024
@ccojocar ccojocar requested review from saschagrunert and removed request for pjbgf and Vincent056 December 16, 2024 14:08

@saschagrunert saschagrunert left a comment

Awesome, thank you!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 16, 2024
@k8s-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ccojocar, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ccojocar,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 57b1385 into main Dec 16, 2024
28 checks passed
@k8s-ci-robot k8s-ci-robot deleted the bpfrecorder-seccomp branch December 16, 2024 14:56