fix(permissions): Restrict the access to /dev on underlying host to read only (with rbac)

Signed-off-by: Fahad Arshad <fahad.arshad@hobsons.com>
2025-07-31 14:11:41 +00:00 · 2019-09-13 08:53:24 -04:00 · 2019-09-13 08:53:24 -04:00 · b951f2bb7d
commit b951f2bb7d
parent fcd1d60657
1 changed files with 1 additions and 0 deletions
--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
@ -33,6 +33,7 @@ spec:
              name: containerd-socket
            - mountPath: /host/dev
              name: dev-fs
+              readOnly: true
            - mountPath: /host/proc
              name: proc-fs
              readOnly: true