This repository has some demo labs to help you understand how different SCC subsystems work.
It's highly recommended to review the following blog posts first in order to understand the concepts used in the labs:
- Container Security - Linux Capabilities and Secure Compute Profiles
- Capabilities and Seccomp Profiles on Kubernetes

Labs were last tested with OCP v4.11.0.

- SCC for workloads: learn how SCCs are accessed, ordered and prioritized for your workloads.
- Seccomp profiles: learn how to create your own seccomp profiles and use them on OpenShift.
- Capabilities: learn what they are and how you can allow/restrict their use on OpenShift.
- SCCs strategies: learn how to work with the different SCC strategies on OpenShift.
- Debugging SCCs Issues: apply your knowledge of SCCs to solve some SCC-related issues.
- Privilege Escalation bit: learn how to control whether your containers can perform privilege escalation operations through the use of the `no_new_privs` bit.
- Pod Security Admission: learn how it's configured in OCP 4.11 and which settings you can change.