# security contexts

## References:

- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- https://kubernetes.io/docs/concepts/policy/pod-security-policy/

## What to do

1. Create the `attacker.yaml` deployment
2. Go through the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ task

Skip the bitmasks, but try different flags in the security context and update the deployment to see what happens with various options.

Try at least the following:

```
allowPrivilegeEscalation: true
privileged: true
# cd to /dev/ and see after this
readOnlyRootFilesystem: true
# try writing to / after this
runAsGroup
runAsNonRoot
runAsUser
```
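
For comparison with the flags above, here is a hardened Deployment showing where each field belongs (pod level or container level) and what to check from inside the container. This is an added example, not the workshop's `attacker.yaml`; the names, the `busybox:1.36` image and the UID/GID values are assumptions.

```yaml
# Added example, not the workshop's attacker.yaml. Names, image and IDs are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: securitycontext-demo            # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: securitycontext-demo
  template:
    metadata:
      labels:
        app: securitycontext-demo
    spec:
      # Pod-level securityContext: applies to every container in the pod.
      securityContext:
        runAsNonRoot: true    # kubelet refuses to start a container that would run as UID 0
        runAsUser: 1000       # `id` inside the container should report uid=1000
        runAsGroup: 3000      # ... and gid=3000
      containers:
        - name: demo
          image: busybox:1.36           # assumed image
          command: ["sleep", "3600"]
          # Container-level securityContext: these three fields exist only here,
          # not in the pod-level block above.
          securityContext:
            privileged: false               # /dev holds only the default device nodes
            allowPrivilegeEscalation: false # sets no_new_privs; setuid binaries gain nothing
            readOnlyRootFilesystem: true    # `touch /test` fails: Read-only file system
          volumeMounts:
            - name: tmp
              mountPath: /tmp               # writable scratch space the workload may still need
      volumes:
        - name: tmp
          emptyDir: {}
```

The API server rejects `privileged: true` combined with `allowPrivilegeEscalation: false`, so change those two together when comparing behaviour.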