Read-only root file system check broken if the container.security_context not defined #45
Comments
|
hi, thank you for creating an issue. Can you elaborate a little bit? In the linked scenario if security_context does not have the read_only_root_filesystem attribute it gets added to the list of offenders. Is there a different check that you are looking for? |
|
Hi @dorukozturk what if the container doesn't have this parameter? I can see, that is not added to offender list, which is wrong. CMIIW. Maybe this is what @alen-caljuksic meant:
It works fine when I have this parameter:
|
za
added a commit
to za/hardeneks
that referenced
this issue
Jul 23, 2024
…ilesystem config Because when there's no declaration: ``` securityContext: readOnlyRootFilesystem: true ``` it should be added to offenders list. Issue aws-samples#45 aws-samples#45
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems to me pod should be added to an offender list when container.security_context not defined:
https://github.com/aws-samples/hardeneks/blob/main/hardeneks/namespace_based/security/pod_security.py#L146
The text was updated successfully, but these errors were encountered: