Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

reuse readonlyRootFilesystem for all tasks definitions #997

Open
vdelendik opened this issue Dec 12, 2023 · 1 comment · May be fixed by #1003
Open

reuse readonlyRootFilesystem for all tasks definitions #997

vdelendik opened this issue Dec 12, 2023 · 1 comment · May be fixed by #1003
Labels
enhancement New feature or request

Comments

@vdelendik
Copy link
Contributor 

One more alert popped up again for ECS containers being limited to read-only for filesystems. Is this expected? Are containers not read-only right now?
https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5
docs.aws.amazon.comdocs.aws.amazon.com
[Amazon ECS controls - AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5)
See a list of Amazon ECS controls that AWS Security Hub supports.

Let's update and test task definitions using explicit declaration of readonlyRootFilesystem parameter to true. We don't write any content to the server so potentially it is just a matter of definition
@vdelendik vdelendik added the enhancement New feature or request label Dec 12, 2023
@vdelendik vdelendik added this to the 2.7 milestone Dec 12, 2023
@dmtgrinevich dmtgrinevich linked a pull request Dec 22, 2023 that will close this issue
[draft] Disabled root write permissions for containers for which it doesn't a… #1003
Open
dmtgrinevich added a commit that referenced this issue Jan 29, 2024
@dmtgrinevich
Merge branch 'develop' into #997
787e02b
@dmtgrinevich
Copy link
Contributor

Enabled ReadonlyRoot only for uploader, clone, entrypoint, maven, generic's recorder containers

@dmtgrinevich dmtgrinevich modified the milestones: 2.7, 2.8 Jan 31, 2024
@dmtgrinevich dmtgrinevich modified the milestones: 2.8, 2.9 Apr 3, 2024
@vdelendik vdelendik modified the milestones: 2.9, 3.0 Apr 24, 2024
@dmtgrinevich dmtgrinevich modified the milestones: 3.0, 3.1 Jun 4, 2024
@dmtgrinevich dmtgrinevich removed this from the 3.1 milestone Jul 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[draft] Disabled root write permissions for containers for which it doesn't a… zebrunner/esg
2 participants
@vdelendik @dmtgrinevich