Containers on Ethan-ZYF

Week2 Day 4: K8s security — AppArmor

Thu, 21 May 2026 00:00:00 -0700

AppArmor as the path-based complement to seccomp’s syscall-based filtering — and a hands-on lesson in why that complement is harder to deploy. This post covers how K8s wraps AppArmor (securityContext.appArmorProfile, symmetric with seccomp’s three types), why an AppArmor profile is heavier than a seccomp one (it must be pre-loaded into the node’s kernel via apparmor_parser, not just dropped as a file), why deny /data/** w blocks every syscall that writes there (closing the hole where touch bypassed yesterday’s mkdir block), and the day’s most valuable lesson: the experiment couldn’t run at all because a Mac/Docker-Desktop kind node has no AppArmor LSM in its kernel — a firsthand encounter with the fail-open trap and the portability problem of AppArmor-based mitigations.

Week2 Day 3: K8s security — seccomp

Wed, 20 May 2026 00:00:00 -0700

Where Week 1 and Week 2 meet: K8s seccomp is the same kernel seccomp from Week 1, except runc installs the BPF filter for you instead of your application. This post traces the full kubelet → containerd → runc chain (and what runc actually does — namespaces, cgroups, NNP, caps, seccomp, AppArmor, then exec), the three profile types (Unconfined / RuntimeDefault / Localhost), why the profile JSON is just the declarative form of the cBPF you’d hand-write, why SCMP_ACT_ERRNO lets the process survive while mkdir returns EPERM, and the crucial limitation: seccomp blocks syscalls, not intent — block mkdir and touch (which uses openat) still creates files. Plus /proc/<pid>/status as the ground-truth proof a filter is loaded.

Week2 Day 2: K8s security — NetworkPolicy + Secrets

Tue, 19 May 2026 00:00:00 -0700

Hands-on with the network and secret-data layers of Kubernetes security: why the default flat network is a lateral-movement risk, the deeply counterintuitive “selective activation” model of NetworkPolicy (one allow rule silently flips a pod to default-deny), why Ingress and Egress are independent dimensions (and why locking egress breaks DNS), the YAML trap where a single - flips AND into OR, why NetworkPolicy needs a CNI that actually enforces it (kindnet doesn’t — another fail-open), and the truth about Secrets: they’re base64, not encrypted — RBAC is what protects them — plus the atomic-symlink-swap trick that powers volume-mounted secret rotation.

Week2 Day 1: K8s security — Pod Security Standards + RBAC

Mon, 18 May 2026 00:00:00 -0700

A first hands-on pass at Kubernetes-native security: how Pod Security Admission (PSA) actually attaches to namespaces via labels (and silently fails-open when the label is misspelled), why runAsNonRoot: true is necessary but not sufficient (the image’s USER still has to be non-root), the four-field minimum a pod needs to clear the restricted profile, and the full RBAC mental model — Role/ClusterRole × RoleBinding/ClusterRoleBinding as two independent dimensions that produce four combinations (one of which K8s rejects outright), why RBAC evaluation is union, not override, and the asymmetry that makes RBAC fail-closed while PSA fails open.

Day 5: AppArmor + layered sandbox design

Sat, 16 May 2026 00:00:00 -0700

How AppArmor actually attaches to a process (via the bprm_check_security LSM hook at execve time, keyed on binary path), why bash script.sh silently runs unconfined while ./script.sh does not, the six exec modifiers (ix/Px/Cx/Ux and their setuid-preserving uppercase forms), the hardlink and bind-mount tricks that bypass path-based MAC, and why a production sandbox layers namespace + capability + seccomp + AppArmor + cgroup — with the argument that, if you can only afford two, seccomp + AppArmor is the highest-ROI pair.

Day 4: seccomp BPF Filter (filter mode deep dive)

Thu, 14 May 2026 00:00:00 -0700

A deep dive into seccomp filter mode: the BPF data layout, why pointer args can’t be dereferenced (TOCTOU and atomic context), the cBPF instruction skeleton, the multi-ABI bypasses every filter must defend against, and the eight SECCOMP_RET_* actions that power modern container security — including the USER_NOTIF + fd-injection pattern that runc/crun use.