PodLock: restrict process execution and file access in Kubernetes Pods with Landlock
a project by flavio_castelli
Updated 9 days ago. No love. 1 follower.

Description

Use the landlock Linux Security Module (LSM) to sandbox processes running inside of a Kubernetes Pod.

Goals

Allow users to define which binaries a process is allowed to execute once started within a protected Pod. Moreover, allow user to specify which directories and files the process will have access to, along with the permitted access mode.

Outcome

The project completed successfully. All the source code and documentation can be found here.

Resources

Join this project

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 25

Activity

  • 15 days ago: flavio_castelli started this project.
  • 15 days ago: flavio_castelli originated this project.


    • Comments

    Be the first to comment!

    Similar Projects

    This project is one of its kind!