Classic confinement request for fortd

In the code kubectl has been used as a binary. Since kubectl is a classic confinement, thats why need to make fortd classic as well.

@ffoysal Can you please elaborate more on what the purpose of fortd is? Also how is it using kubectl? Please provide more information so we can properly evaluate this request.

it is very custom service, that download kubernetes manifests from our own repo and deploy them in kubernetes cluster. In order to deploy them in microk8s cluster we use kubectl after downloading kubernetes manifests files.

Hey @ffoysal,

Have you explored shipping kubectl within fortd? Doing that + plugging some interfaces depending on where fortd needs to download the kubernetes manifests (such as home, removable-media, personal-files or even system-files), you could remain under strict confinement.

Thanks,

1 Like