This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Feature Request: Filter dropped caps #33

Closed
jinankjain opened this issue Oct 16, 2017 · 3 comments

Comments

@jinankjain
Contributor

In the current situation, kubeaudit just audits whether any capability is dropped or not. It does not take into account any specific capability.

This feature will introduce a flag through which a user would be able to specify which caps should necessarily be dropped. And kubeaudit will error if those caps are not dropped, instead of just giving a warning.

What do you say, @jonpulsifer @klautcomputing?

@klautcomputing
Contributor

I am not sure about a flag in kubeaudit...

I think my preferred solution would be if you could put all the information in a label, e.g. kubeaudit.cap.allow = sys_chroot and then kubeaudit would not bug you about it because it knows that the capability is actually needed and should be set.

This would be a great way not only for capabilities but for everything else. There might be containers that need a read-write filesystem or need to run as root. And labels would give us the opportunity to actually make sure we don't complain about things that are legitimately not up to the tightest security standards.

@klautcomputing
Contributor

I am gonna start working on this.

@jinankjain
Contributor Author

Time to close this one with #73 @fedorlis
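
An added example, not taken from this thread or from kubeaudit's code base: a Go sketch of the check discussed above, where a required-drop list (the proposed flag) is enforced per container and the `kubeaudit.cap.allow` label from the second comment exempts one capability. The `Container` struct, the `AuditCaps` and helper names, and the single-value label format are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Container is a constructed stand-in for the securityContext.capabilities
// fields of a container spec; it is not a kubeaudit or Kubernetes type.
type Container struct{ Drop, Add []string }

// normalize treats "sys_chroot", "SYS_CHROOT" and "CAP_SYS_CHROOT" as equal.
func normalize(c string) string {
	return strings.TrimPrefix(strings.ToUpper(strings.TrimSpace(c)), "CAP_")
}

func toSet(caps []string) map[string]bool {
	s := map[string]bool{}
	for _, c := range caps {
		s[normalize(c)] = true
	}
	return s
}

// AuditCaps (hypothetical name) returns the capabilities in mustDrop that the
// container still holds and that the allow label does not exempt.
// Assumption: the label value carries exactly one capability name.
func AuditCaps(c Container, labels map[string]string, mustDrop []string) []string {
	dropped, added := toSet(c.Drop), toSet(c.Add)
	allowed := normalize(labels["kubeaudit.cap.allow"])
	var failing []string
	for m := range toSet(mustDrop) {
		isDropped := (dropped[m] || dropped["ALL"]) && !added[m] // add wins over drop
		if !isDropped && m != allowed {
			failing = append(failing, m)
		}
	}
	sort.Strings(failing)
	return failing
}

func main() {
	// Constructed sample: SYS_CHROOT is reported until the allow label is set.
	c := Container{Drop: []string{"NET_RAW", "CAP_SYS_ADMIN"}}
	must := []string{"NET_RAW", "SYS_ADMIN", "SYS_CHROOT"}
	fmt.Println(AuditCaps(c, nil, must))
	fmt.Println(AuditCaps(c, map[string]string{"kubeaudit.cap.allow": "sys_chroot"}, must))
}
```

A capability that appears in both `drop` and `add` is reported as still held, which is the conservative reading for an audit.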
