-
Notifications
You must be signed in to change notification settings - Fork 1.2k
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running in a kubernetes cluster don't work as expected when check cis-1.4-1.1.8 #574
Comments
I have found the reason: the Lines 233 to 235 in 77f6651
Maybe we should change the value of |
The user may want to mount I am intrigued about why I am open to the idea of changing the path to PATH to run the |
@mozillazg good catch! and thanks for reporting this. @lizrice I think this issue is same as this #501 and, to be consistent, we should fix it in the same manner as #508 @mozillazg would you like to submit a PR similar to #508? :) |
@robertojrojas Yes, I'll submit a PR later. IMHO, Maybe the idea of changing the path to PATH is better, in case of there are similar cases in feature or maybe there are other commands(for example: |
@mozillazg I'm not completely comfortable of changing the PATH as it would be difficult to predict what side effects it could bring with existing folks using the software at the moment. The absolute path is safer. In the case of |
After testing I found that use absolute path can't fix same problem of
Use this way we can both use all builtin commands from container and other needed commands from host(e.g. kubeclt), there is no longer surprise for where is the command come from and why the command is run failed. |
@mozillazg we agree with changing the PATH. Would you be able to work on that today? If not, it's not a problem. I can take care of it. |
And change to use `/usr/local/mount-from-host/bin` as mount path. Fixes aquasecurity#574
And change to use `/usr/local/mount-from-host/bin` as mount path. Fixes aquasecurity#574
…ity#577) * Fixes issue aquasecurity#574: change the PATH in container And change to use `/usr/local/mount-from-host/bin` as mount path. Fixes aquasecurity#574 * Fix integration tests
k8s version: 1.14.8
kube-bench version: latest (0.2.3)
run command: wget https://github.com/aquasecurity/kube-bench/blob/master/job-master.yaml && kubectl apply -f job-master.yaml
problem:
--profiling=false
is exists but this check is not passedkube-bench/cfg/cis-1.4/master.yaml
Lines 120 to 134 in 77f6651
debug in k8s container:
When run kube-bench bin file in master node it check passed, but run in a k8s container it check failed
BTW, other check itemes which check it's flag are failed too(there are needed flag value but check failed like 1.1.8)
The text was updated successfully, but these errors were encountered: