Can only BPF-LSM support all the features of KubeArmor? #1592

Closed
dejavudwh opened this issue Jan 23, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@dejavudwh

I checked out the Kubernetes Support Matrix, but I'm still not quite sure if I can use all the features of KubeArmor if I only have BPF-LSM and no AppArmor or SELinux?

@dejavudwh dejavudwh added the enhancement New feature or request label Jan 23, 2024
@daemon1024
Member

Hey @dejavudwh

Currently there are 2 features that are not supported in BPF LSM:

  • MatchPatterns in Security Policies
  • Capabilities support

We already have a PR for Capabilities support #1538 which will land soon into KubeArmor.

That said, we utilise BPF LSM as the preferred enforcer even if SELinux and AppArmor are available.
The reason for that is some limitations with SELinux and AppArmor themselves.
Document for reference: https://github.com/kubearmor/KubeArmor/wiki/Enforcer-Feature-Parity

@dejavudwh
Author

@daemon1024 Thank you very much for your answer.

@daemon1024
Member

@dejavudwh happy to answer any more questions :D I am marking this issue as complete. Feel free to open more issues or ask us on our Slack :D
