Tux Machines
Posted by Roy Schestowitz on May 24, 2023
> The Security Profiles Operator (SPO) makes managing seccomp, SELinux and AppArmor profiles within Kubernetes easier than ever. It allows cluster administrators to define the profiles in a predefined custom resource YAML, which then gets distributed by the SPO into the whole cluster. Modification and removal of the security profiles are managed by the operator in the same way, but that’s a small subset of its capabilities.
> Another core feature of the SPO is being able to stack seccomp profiles. This means that users can define a baseProfileName in the YAML specification, which then gets automatically resolved by the operator and combines the syscall rules. If a base profile has another baseProfileName, then the operator will recursively resolve the profiles up to a certain depth. A common use case is to define base profiles for low level container runtimes (like runc or crun) which then contain syscalls which are required in any case to run the container. Alternatively, application developers can define seccomp base profiles for their standard distribution containers and stack dedicated profiles for the application logic on top. This way developers can focus on maintaining seccomp profiles which are way simpler and scoped to the application logic, without having a need to take the whole infrastructure setup into account.
> But how to maintain those base profiles? For example, the amount of required syscalls for a runtime can change over its release cycle in the same way it can change for the main application. Base profiles have to be available in the same cluster, otherwise the main seccomp profile will fail to deploy. This means that they’re tightly coupled to the main application profiles, which acts against the main idea of base profiles. Distributing and managing them as plain files feels like an additional burden to solve.
> This article introduces the new Red Hat Developer Hub and Janus project to address the challenges IT organizations face in the development process. A developer’s work can be fraught with disparate development systems and distributed teams, and organizations with multiple development teams often struggle with competing priorities, diverse tools and technologies, and establishing best practices.
> These challenges make it difficult to quickly start development and adhere to multiple security and compliance standards. A unified platform that can consolidate these elements of the development process and foster internal collaboration will enable development teams to focus on rapidly enhancing code and functionality to efficiently build high-quality software.
> A significant portion of the focus for the Red Hat Software Summit held in Boston this week are three core products designed to meet the growing demands for better software security and government regulations requiring enhanced application security across all industries.
> Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.
> Red Hat today added a Red Hat Service Interconnect to its portfolio that is based on an open source Skupper.io project that enables Layer 7 networking between application components running on different platforms.
> As containerization continues to gain popularity in the world of enterprise software development, there is also growing demand for tools and technologies that make container management more accessible and efficient. One such tool is Podman Desktop, which provides a user-friendly interface for managing containers and working with Kubernetes from a local machine (Figure 1).
-- Page fetched on Thu Jun 13 15:17:57 2024