@@ -41,6 +41,12 @@ AVD-KSV-0048
4141# which is impractical for a cluster-wide controller.
4242AVD-KSV-0041
4343
44+ # NOTE: KSV-0049 (create/update/patch/delete on 'configmaps') is intentionally
45+ # NOT suppressed. The controller ClusterRole grants `configmaps: ["get"]` only
46+ # (read-only kata source-object probe, ADR 0002); the reclaim-agent ConfigMap
47+ # projection writes ride the resolved child-cluster kubeconfig identity, not the
48+ # controller token. There is no configmap-write finding to suppress.
49+
4450# ─────────────────────────────────────────────────────────────────────────────
4551# Deployment — deploy/deployment/deployment.yaml
4652# ─────────────────────────────────────────────────────────────────────────────
@@ -190,6 +196,61 @@ AVD-KSV-0116
190196# armed.
191197AVD-KSV-0022
192198
199+ # ─────────────────────────────────────────────────────────────────────────────
200+ # DaemonSet — deploy/kata-config-agent/daemonset.yaml
201+ # ─────────────────────────────────────────────────────────────────────────────
202+ #
203+ # The kata-config-agent shares most of its hardened-but-rooted posture with the
204+ # reclaim agent, so the hostPath (KSV-0023/0121), hostPID (KSV-0010), and
205+ # root/runAsNonRoot/runAsGroup findings (KSV-0012/0118/0105/0020/0021/0116) are
206+ # already suppressed above by the same global rule IDs. The two additional
207+ # findings are privileged (KSV-0017) and its capability corollary (KSV-0106):
208+
209+ # KSV-0017 — Container 'agent' should not run as privileged.
210+ # Architecturally required (ADR 0003). The agent's job is to write a Kata
211+ # containerd drop-in to the HOST filesystem and bounce the host k0s service via
212+ # `nsenter -t 1 -m -u -i -n -p -- systemctl restart <restartService>` so
213+ # containerd reloads it. setns() into the host mount/PID namespaces requires
214+ # `privileged: true` (hostPID alone is insufficient for the mount-namespace
215+ # entry). The escalation is bounded by: opt-in nodeSelector
216+ # (5spot.finos.org/kata-config=enabled — lands only on nodes the controller
217+ # labelled, which only happens when an SM with spec.kata resolves a source on
218+ # this cluster), readOnlyRootFilesystem, seccomp RuntimeDefault, a single-purpose
219+ # binary with no shell, and a narrow node-scoped ServiceAccount (nodes get/patch
220+ # on its own Node + read-only configmaps/secrets in its target namespace).
221+ AVD-KSV-0017
222+
223+ # KSV-0106 — Container 'agent' should drop all capabilities (and only add
224+ # NET_BIND_SERVICE). Moot under privileged: true (KSV-0017 above, ADR 0003): a
225+ # privileged container holds the full Linux capability set regardless of any
226+ # securityContext.capabilities.drop list, so `capabilities.drop: [ALL]` would be
227+ # a no-op rather than a real hardening — adding it would misrepresent the
228+ # container's effective privileges in an audit. The agent needs no
229+ # NET_BIND_SERVICE (it binds no privileged ports; it writes the host drop-in and
230+ # bounces the k0s service via nsenter). The escalation is bounded by the same
231+ # controls justified for KSV-0017: opt-in nodeSelector, readOnlyRootFilesystem,
232+ # seccomp RuntimeDefault, a shell-less single-purpose binary, and a narrow
233+ # node-scoped ServiceAccount.
234+ AVD-KSV-0106
235+
236+ # ─────────────────────────────────────────────────────────────────────────────
237+ # RBAC — deploy/kata-config-agent/rbac.yaml
238+ # ─────────────────────────────────────────────────────────────────────────────
239+
240+ # KSV-0113 — Role '5spot-kata-config-agent' shouldn't view/manage secrets in
241+ # namespace '5spot-system'.
242+ # Access is READ-ONLY and narrowed to `get` (no list/watch, no create/update/
243+ # patch/delete) — the "manage" wording is misleading; the rule fires on any
244+ # namespace-scoped secret read. The grant is architecturally required: a Kata
245+ # drop-in source object may be a Secret (spec.kata referencing a Secret, ADR
246+ # 0002), and the agent resolves it with a direct GET by the exact name carried
247+ # in its Node's kata-config-ref annotation — it never enumerates. Same posture
248+ # as the controller's KSV-0041 read-only secrets suppression. Tightening
249+ # further (e.g. dropping `get`) would remove the Secret-backed drop-in source
250+ # capability entirely; scope is already minimal (single namespace, get-only,
251+ # opt-in nodeSelector).
252+ AVD-KSV-0113
253+
193254# ─────────────────────────────────────────────────────────────────────────────
194255# Dockerfile — Dockerfile, Dockerfile.chainguard
195256# ─────────────────────────────────────────────────────────────────────────────
0 commit comments