# Tetragon TracingPolicy "block-tmp-execution".
#
# Hooks the execve syscall and SIGKILLs any process whose pathname argument
# starts with a world-writable scratch directory (/tmp/, /var/tmp/, /dev/shm/),
# except for pods in the infrastructure namespaces listed under podSelector.
# Executables dropped into these directories are a common post-exploitation
# pattern, so this acts as a cluster-wide runtime guard rail.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: block-tmp-execution
  # NOTE(review): TracingPolicy is cluster-scoped in Tetragon (the namespaced
  # variant is TracingPolicyNamespaced), so this field is presumably ignored by
  # the API server — confirm, or drop it to avoid suggesting the policy is
  # limited to kube-system.
  namespace: kube-system
spec:
  # Exclusion list: pods whose namespace label is one of the values below are
  # NOT subject to enforcement. Every namespace added here is a blind spot, so
  # review this list whenever a new platform component is onboarded.
  # assumes Tetragon exposes the pod namespace as the
  # "io.kubernetes.pod.namespace" label for podSelector matching — TODO confirm
  # against the Tetragon version deployed in this cluster.
  podSelector:
    matchExpressions:
      - key: "io.kubernetes.pod.namespace"
        operator: "NotIn"
        values:
          - kube-system
          - kube-public
          - kube-node-lease
          - argocd
          - kyverno
          - cilium-ingress
          - cilium-secrets
          - cert-manager
          - sealed-secrets
          - nfs-subdir-external-provisioner
  kprobes:
    # Only the execve syscall is hooked; execveat is a separate syscall and is
    # not covered by this policy — TODO confirm whether that gap is acceptable.
    - call: "sys_execve"
      syscall: true
      args:
        # Argument 0 is the pathname passed by the caller, read as a string.
        - index: 0
          type: "string"
      selectors:
        - matchArgs:
            # Prefix match on the pathname exactly as the caller supplied it,
            # not on a resolved/canonical path — NOTE(review): confirm this
            # coverage is sufficient for the threat model before relying on it.
            - index: 0
              operator: "Prefix"
              values:
                - "/tmp/"
                - "/var/tmp/"
                - "/dev/shm/"
          matchActions:
            # Enforcement: the matching process is sent SIGKILL from the hook.
            # Presumably this stops the exec before the new image runs — verify
            # in Tetragon's action documentation. Expect a tetragon event per
            # kill; alert on these rather than only relying on the kill itself.
            - action: Sigkill