-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: lenient apparmor profiles #1583
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PrimalPimmy
force-pushed
the
apparmor-le
branch
9 times, most recently
from
February 6, 2024 06:23
316ae60
to
f901706
Compare
daemon1024
reviewed
Feb 6, 2024
PrimalPimmy
force-pushed
the
apparmor-le
branch
from
February 7, 2024 15:05
07f85cf
to
7fc05d5
Compare
daemon1024
requested changes
Feb 8, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please find comments inline
Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> Test fix Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Fixing tests pt2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Fixing tests pt3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Rolling back tests Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Testing fix in kubeupdate Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> debug log in runtime Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> use latest docker version with k3s Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> Improvised testing framework Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Some more updates Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> fix 1 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> fix go test Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> More test fixes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Test fixed finally Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Go modules fix Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Go modules fix-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Go modules fix-3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Go modules fix-3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Go modules fix-4 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Documentation update Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Code cleanup Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Documentation updates Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>
PrimalPimmy
force-pushed
the
apparmor-le
branch
from
February 9, 2024 05:09
ecebffc
to
f10d21d
Compare
Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>
daemon1024
approved these changes
Feb 9, 2024
DelusionalOptimist
approved these changes
Feb 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose of PR?:
This PR is part of toning down apparmor restrictions on Kubearmor. Then we can use that to secure Kubearmor by applying KSPs as a privileged container.
Does this PR introduce a breaking change?
Could be, it will be privileged after all.
If the changes in this PR are manually verified, list down the scenarios covered::
Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs
Checklist:
<type>(<scope>): <subject>