Conversation
Hey @ktzsolt I've thought about recommending custom seccomp, SELinux, AppArmor, and capabilities before. But I've not seen anyone do that, even the few financial and security companies I've advised. To implement, it requires a high degree of knowing Linux and the apps you're deploying. Many engineers have zero experience with any of those lockdown methods, so it's one of the last things I'd recommend people do (even though it's cool that we can do that in podspec). I'll leave this PR open so others can find it, but I'd need more evidence of real-world exploited scenarios before I'd recommend everyone, by default, goes to this level of security engineering. I did a talk on improving team/code security practices and I look at this as "start with things that are easier to implement and have big impacts" before going after the more challenging efforts like "figure out every Linux capability your apps need and customize each podspec for that." https://youtu.be/KqOwGEd3RBM?si=SQ58HvlYoxg-7dRj However, your suggestion has me thinking this repo could be turned into "levels" where most of my suggestions could be "level 1" and then show more examples that level up the complexity but still add extra benefits...
Hi @BretFisher !
What do you think about removing all Linux capabilities by default?
Got the idea from here: https://snyk.io/blog/kubernetes-securitycontext-linux-capabilities/
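For readers landing on this PR, here is what the "drop all capabilities by default" suggestion looks like in a Pod spec. This is an added example, not code from this repo or from either commenter; the pod name, image, UID and port are placeholders, and the commented-out `NET_BIND_SERVICE` line is only there to show the one-at-a-time add-back that the discussion above describes.

```yaml
# Added example (not from the repo or either commenter).
# The container starts with an empty capability bounding set; anything the
# app turns out to need is added back explicitly, one capability at a time.
apiVersion: v1
kind: Pod
metadata:
  name: web-drop-all                # placeholder name
spec:
  securityContext:
    runAsNonRoot: true              # capabilities matter most for root; refuse root outright
    runAsUser: 10001                # placeholder non-root UID
  containers:
  - name: web
    image: example.com/web:1.0      # placeholder image
    ports:
    - containerPort: 8080           # high port: no NET_BIND_SERVICE needed
    securityContext:
      allowPrivilegeEscalation: false   # no setuid/file-capability re-gain of what was dropped
      readOnlyRootFilesystem: true
      capabilities:
        drop:
        - ALL
        # Add back only what the app provably fails without, e.g. binding a
        # port below 1024. Listening on a high port (as above) avoids even this.
        # add:
        # - NET_BIND_SERVICE
```

The practical check is the one Bret alludes to: deploy with `drop: ["ALL"]` and nothing added, watch the container's logs for permission errors (`EPERM` on bind, mount, chown, raw sockets), and add back a single named capability per failure rather than reverting the drop. `allowPrivilegeEscalation: false` belongs alongside the drop, since otherwise a setuid binary or a file capability inside the image can regain what the spec removed.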