Skip to content

feat: add new container security rules for NoNewPrivileges and SeccompProfile #247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add new container security rules for NoNewPrivileges and SeccompProfile #247

wants to merge 1 commit into from

Conversation

juev
Copy link
Contributor

@juev juev commented Aug 8, 2025
edited
Loading

  • Introduced NoNewPrivilegesRule to ensure containers do not allow privilege escalation.
  • Added SeccompProfileRule to validate seccomp profiles for containers, ensuring proper security configurations.
  • Updated linters settings to include new exclusion rules for NoNewPrivileges and SeccompProfile.

Example:

🐒 [no-new-privileges (#container)]
     Message:      Container's SecurityContext is missing - cannot verify allowPrivilegeEscalation setting
     Module:       kube-dns
     Object:       kind = Deployment ; name = d8-kube-dns-sts-pods-hosts-appender-webhook ; namespace = kube-system ; container = webhook
     FilePath:     templates/sts-pods-hosts-appender-webhook/deployment.yaml

🐒 [seccomp-profile (#container)]
     Message:      No seccomp profile specified - consider explicitly setting seccompProfile.type to 'RuntimeDefault'
                   for better security posture
     Module:       kube-dns
     Object:       kind = Deployment ; name = d8-kube-dns-sts-pods-hosts-appender-webhook ; namespace = kube-system ; container = webhook
     FilePath:     templates/sts-pods-hosts-appender-webhook/deployment.yaml

feat: add new container security rules for NoNewPrivileges and Seccom…
95cf602 
…pProfile

- Introduced NoNewPrivilegesRule to ensure containers do not allow privilege escalation.
- Added SeccompProfileRule to validate seccomp profiles for containers, ensuring proper security configurations.
- Updated linters settings to include new exclusion rules for NoNewPrivileges and SeccompProfile.
- Enhanced documentation in README.md to reflect new checks and their implications.
@juev juev requested a review from ldmonster August 8, 2025 11:52
@juev juev self-assigned this Aug 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ldmonster ldmonster Awaiting requested review from ldmonster

Assignees

@juev juev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@juev