Tux Machines
Posted by Roy Schestowitz on May 24, 2023
=> https://kubernetes.io/blog/2023/05/24/oci-security-profiles/ ↺ Blog: Using OCI artifacts to distribute security profiles for seccomp, SELinux and AppArmor
The Security Profiles Operator (SPO) makes managing seccomp, SELinux and AppArmor profiles within Kubernetes easier than ever. It allows cluster administrators to define the profiles in a predefined custom resource YAML, which then gets distributed by the SPO into the whole cluster. Modification and removal of the security profiles are managed by the operator in the same way, but that’s a small subset of its capabilities.
=> https://github.com/kubernetes-sigs/security-profiles-operator ↺ Security Profiles Operator (SPO)
Another core feature of the SPO is being able to stack seccomp profiles. This means that users can define a baseProfileName in the YAML specification, which then gets automatically resolved by the operator and combines the syscall rules. If a base profile has another baseProfileName, then the operator will recursively resolve the profiles up to a certain depth. A common use case is to define base profiles for low level container runtimes (like runc or crun) which then contain syscalls which are required in any case to run the container. Alternatively, application developers can define seccomp base profiles for their standard distribution containers and stack dedicated profiles for the application logic on top. This way developers can focus on maintaining seccomp profiles which are way simpler and scoped to the application logic, without having a need to take the whole infrastructure setup into account.
=> https://github.com/opencontainers/runc ↺ runc
=> https://github.com/containers/crun ↺ crun
But how to maintain those base profiles? For example, the amount of required syscalls for a runtime can change over its release cycle in the same way it can change for the main application. Base profiles have to be available in the same cluster, otherwise the main seccomp profile will fail to deploy. This means that they’re tightly coupled to the main application profiles, which acts against the main idea of base profiles. Distributing and managing them as plain files feels like an additional burden to solve.
=> https://developers.redhat.com/articles/2023/05/23/developers-guide-red-hat-developer-hub-and-janus ↺ A developer’s guide to Red Hat Developer Hub and Janus
This article introduces the new Red Hat Developer Hub and Janus project to address the challenges IT organizations face in the development process. A developer’s work can be fraught with disparate development systems and distributed teams, and organizations with multiple development teams often struggle with competing priorities, diverse tools and technologies, and establishing best practices.
=> https://developers.redhat.com/products/developer-hub/overview ↺ Red Hat Developer Hub
These challenges make it difficult to quickly start development and adhere to multiple security and compliance standards. A unified platform that can consolidate these elements of the development process and foster internal collaboration will enable development teams to focus on rapidly enhancing code and functionality to efficiently build high-quality software.
=> https://www.linuxinsider.com/story/red-hat-summit-targets-fixing-open-source-code-flaws-177071.html ↺ Red Hat Summit Targets Fixing Open-Source Code Flaws
A significant portion of the focus for the Red Hat Software Summit held in Boston this week is three core products designed to meet the growing demands for better software security and government regulations requiring enhanced application security across all industries.
=> https://www.securityweek.com/red-hat-pushes-new-tools-to-secure-software-supply-chain/ ↺ Red Hat Pushes New Tools to Secure Software Supply Chain
Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.
=> https://cloudnativenow.com/features/red-hat-adds-interconnect-and-cybersecurity-services-for-kubernetes/ ↺ Red Hat Adds Interconnect and Cybersecurity Services for Kubernetes
Red Hat today added a Red Hat Service Interconnect to its portfolio that is based on an open source Skupper.io project that enables Layer 7 networking between application components running on different platforms.
=> https://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available ↺ Podman Desktop 1.0: Local container development made easy
As containerization continues to gain popularity in the world of enterprise software development, there is also growing demand for tools and technologies that make container management more accessible and efficient. One such tool is Podman Desktop, which provides a user-friendly interface for managing containers and working with Kubernetes from a local machine (Figure 1).
=> https://developers.redhat.com/topics/containers ↺ container
=> https://developers.redhat.com/topics/kubernetes ↺ Kubernetes