mounts

package
v0.0.0-...-e70be16
Warning

This package is not in the latest version of its module.

Published: Jan 24, 2024 License: MIT Imports: 5 Imported by: 0

Documentation

Constants

const (
	MountNameMetadataKey     = "MountName"
	MountPathMetadataKey     = "MountPath"
	MountReadOnlyMetadataKey = "MountReadOnly"
	MountVolumeNameKey       = "MountVolume"
	MountVolumeHostPathKey   = "MountVolumeHostPath"
)
const Name = "mounts"
const (
	// SensitivePathsMounted occurs when a container has sensitive host paths mounted
	SensitivePathsMounted = "SensitivePathsMounted"
)

Variables

var DefaultSensitivePaths = []string{"/proc", "/var/run/docker.sock", "/", "/etc", "/root", "/var/run/crio/crio.sock", "/run/containerd/containerd.sock", "/home/admin", "/var/lib/kubelet", "/var/lib/kubelet/pki", "/etc/kubernetes", "/etc/kubernetes/manifests"}

DefaultSensitivePaths is the default list of sensitive mount paths (from Falco rule: https://github.com/falcosecurity/falco/blob/master/rules/falco_rules.yaml#L1945)

Functions

This section is empty.

Types

type Config

type Config struct {
	SensitivePaths []string `yaml:"denyPathsList"`
}

func (*Config) GetSensitivePaths

func (config *Config) GetSensitivePaths() []string

type SensitivePathMounts

type SensitivePathMounts struct {
	// contains filtered or unexported fields
}

SensitivePathMounts implements Auditable

func New

func New(config Config) *SensitivePathMounts

func (*SensitivePathMounts) Audit

func (sensitive *SensitivePathMounts) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that the container does not have any sensitive host path
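The kind of check this auditor describes, as an added example that is not kubeaudit's own code: it maps each container mount to its backing hostPath volume and reports those whose path is on the deny list. The `Volume` and `Mount` types and `FindSensitiveMounts` are hypothetical, and comparing by exact match after `path.Clean` is an assumption, since the page does not state how paths are compared.

```go
package main

import (
	"fmt"
	"path"
)

// Copied from DefaultSensitivePaths on this page.
var sensitivePaths = []string{"/proc", "/var/run/docker.sock", "/", "/etc", "/root",
	"/var/run/crio/crio.sock", "/run/containerd/containerd.sock", "/home/admin",
	"/var/lib/kubelet", "/var/lib/kubelet/pki", "/etc/kubernetes", "/etc/kubernetes/manifests"}

// Hypothetical stand-ins for the pod spec fields involved (not kubeaudit types).
// HostPath == "" means the volume is not a hostPath volume.
type Volume struct{ Name, HostPath string }
type Mount struct{ Volume, MountPath string }

// FindSensitiveMounts returns one finding per container mount whose backing
// hostPath volume, after path.Clean, exactly equals a deny-list entry.
func FindSensitiveMounts(vols []Volume, mounts []Mount, deny []string) []map[string]string {
	denied := map[string]bool{}
	for _, p := range deny {
		denied[path.Clean(p)] = true
	}
	hostPaths := map[string]string{}
	for _, v := range vols {
		if v.HostPath != "" {
			hostPaths[v.Name] = path.Clean(v.HostPath)
		}
	}
	var out []map[string]string
	for _, m := range mounts {
		if hp, ok := hostPaths[m.Volume]; ok && denied[hp] {
			// Keys reuse the metadata key strings listed on this page.
			out = append(out, map[string]string{"MountName": m.Volume,
				"MountPath": m.MountPath, "MountVolumeHostPath": hp})
		}
	}
	return out
}

func main() {
	// Constructed sample: docker.sock with a trailing slash, plus an emptyDir.
	vols := []Volume{{"sock", "/var/run/docker.sock/"}, {"cache", ""}}
	mounts := []Mount{{"sock", "/docker.sock"}, {"cache", "/tmp/cache"}}
	for _, f := range FindSensitiveMounts(vols, mounts, sensitivePaths) {
		fmt.Println("SensitivePathsMounted:", f)
	}
}
```

Exact matching in this sketch does not report a subdirectory of a listed path, such as `/etc/ssl`; extend the deny list or switch to prefix matching if those mounts should also be reported.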