image: field to point to your container registry.
secret).
secret).
registry.example.com/mysql:latest-rfstub.
image: field to point to your container registry.
image: field points to the stub image.
securityContext section with updates necessary for RapidFort to trace the runtime behavior.
SYS_PTRACE capability must be added
allowPrivilegeEscalation: true)
readOnlyRootFilesystem: false)
securityContext:
  capabilities:
    add: ["SYS_PTRACE"]
  allowPrivilegeEscalation: true
  readOnlyRootFilesystem: false
livenessProbe and readinessProbe settings.
secret).
mysql:latest-rfstub) is currently deployed and running
securityContext section that adds the SYS_PTRACE capability, allows privilege escalation, and allows read/write access to the root filesystem
registry.example.com/mysql:latest-rfhardened.
image: field to point to your container registry.
image: field points to the hardened image.
secret).
SYS_PTRACE Linux kernel capability
allowPrivilegeEscalation: true)
readOnlyRootFilesystem: false)