Question 1

How do I install Bane on Ubuntu?

Accepted Answer

Download pre-built binaries from the Releases page or install via Go with `go get`. For Ubuntu, you may need to manually place the binary in your PATH and ensure AppArmor is installed and running.

Question 2

Can Bane be used with Kubernetes?

Accepted Answer

Yes, but indirectly. Generate profiles with Bane, load them on Kubernetes nodes, and reference them in pod security contexts. It requires manual integration, as Bane doesn't have native Kubernetes support.

Question 3

Bane vs writing AppArmor profiles manually – which is better?

Accepted Answer

Bane is better for quickly generating profiles with fewer errors using a TOML config. Manual writing offers more fine-grained control for complex rules, but is time-consuming and error-prone.

Question 4

How to audit container activities with Bane?

Accepted Answer

Use the `LogOnWritePaths` option in your TOML config to log write operations. Check dmesg or system logs for entries, as shown in the sample output, to monitor security events.

Question 5

Does Bane support SELinux?

Accepted Answer

No, Bane is specifically designed for AppArmor and does not support SELinux or other MAC systems. You'd need a different tool for SELinux policies.

Question 6

What file globbing patterns does Bane support?

Accepted Answer

Bane supports various glob patterns like `/dir/*`, `/dir/**`, and more, as detailed in the README's file globbing table, allowing flexible definition of file and directory permissions.

Bane

What is Bane?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions