Harden the spo and bpf-recorder containers with custom apparmor profiles #2646

Open
wants to merge 2 commits into
base: main

ccojocar
Contributor

What type of PR is this?

/kind feature

What this PR does / why we need it:

This pull request hardens the security-profiles-operator and bpf-recorder containers, as part of the spod daemonset, with custom apparmor profiles when apparmor is enabled.
These two containers run in privileged mode when apparmor is activated.

Which issue(s) this PR fixes:

Fixes #65

Does this PR have test?

Yes

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Harden the security-profiles-operator and bpf-recorder containers with custom apparmor profiles when apparmor is enabled.

Change-Id: Iccb89ec24d4f513acff9d7828dea6a4ab3c33ef1
Signed-off-by: Cosmin Cojocar <[email protected]>
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Dec 23, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ccojocar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 23, 2024
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Dec 23, 2024
@ccojocar ccojocar requested review from saschagrunert and removed request for JAORMX and Vincent056 December 23, 2024 16:30
@ccojocar
Contributor Author

cc @mhils

Change-Id: I8a4f7031c81fe1f47f1a0a55276b415bb6d59732
Signed-off-by: Cosmin Cojocar <[email protected]>
Development

Successfully merging this pull request may close these issues.

Create AppArmor profile for the operator
2 participants