Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rules: add containerd socket to sensitive_mount macro #1815

Merged
merged 1 commit into from
Dec 21, 2021
Merged

rules: add containerd socket to sensitive_mount macro #1815

merged 1 commit into from
Dec 21, 2021

Conversation

loresuso
Copy link
Member

@loresuso loresuso commented Dec 6, 2021
edited by leogr
Loading

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

If contributing rules or changes to rules, please make sure to also uncomment one of the following line:

/kind rule-update

/kind rule-create

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area engine

/area rules

/area tests

/area proposals

What this PR does / why we need it:
The sensitive_mount macro contains both the docker and cri-o sockets. If mounted inside a container, they can be used to escalate privileges, since they allow to communicate with daemon processes running as root. For exactly the same reason, also the containerd socket must be added to that macro.

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

rule(macro sensitive_mount): add containerd socket

@loresuso
update(rules): Add containerd socket to sensitive_mount macro
5d4ebb8 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
@poiana poiana requested review from fntlnz and Kaizhe December 6, 2021 10:00
@poiana
Copy link
Contributor

poiana commented Dec 6, 2021

Welcome @loresuso! It looks like this is your first PR to falcosecurity/falco 🎉

@poiana poiana added the size/XS label Dec 6, 2021
Kaizhe
Kaizhe approved these changes Dec 6, 2021
View reviewed changes
Copy link
Contributor

@Kaizhe Kaizhe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@poiana poiana added the lgtm label Dec 6, 2021
@poiana
Copy link
Contributor

poiana commented Dec 6, 2021

LGTM label has been added.

Git tree hash: 5558044df836bbd386fa5c15fd87f528e38220b1

@poiana poiana added the approved label Dec 6, 2021
@leogr
Copy link
Member

leogr commented Dec 21, 2021

/milestone 0.31.0

@poiana poiana added this to the 0.31.0 milestone Dec 21, 2021
leogr
leogr approved these changes Dec 21, 2021
View reviewed changes
Copy link
Member

@leogr leogr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana poiana merged commit 6319be8 into falcosecurity:master Dec 21, 2021
@poiana
Copy link
Contributor

poiana commented Dec 21, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Kaizhe, leogr, loresuso

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leogr leogr leogr approved these changes

@Kaizhe Kaizhe Kaizhe approved these changes

@fntlnz fntlnz Awaiting requested review from fntlnz

Assignees

@Kaizhe Kaizhe

@leogr leogr

Labels
approved area/rules dco-signoff: yes kind/rule-update lgtm release-note size/XS
Projects
None yet
Milestone
0.31.0
Development

Successfully merging this pull request may close these issues.
4 participants
@loresuso @poiana @leogr @Kaizhe