The Cloud-Native Security Expert Course is a vendor-neutral cloud-native certification program in security
Common Questions:
Q1: Why Seccomp profile chmod is not blocked?
A: The chmod is not blockable when you have access as the owner. However, if you try to access other users, the rule will be active, preventing you from executing chmod for other users.
Q2: Question on the cosign exercises - why does Harbor trust the key that I have generated on my machine? isn't this just a self-signed keypair?
A: The keypair you generate for Cosign is effectively a self-signed keypair.
Even though it's a self-signed keypair, Harbor trusts it because:
-
You have declared that you are the owner of the keypair.
-
You keep the private key secret.
-
The public key is used by Harbor to verify the signatures.
This trust is established through these steps:
-
You generate a pair of keys (one public and one private) on your machine.
-
You keep the private key secure and secret on your machine, and this key is used to sign your software.
-
The public key, on the other hand, is shared with Harbor. Harbor trusts your key because you have passed it that public key. The public key can be used to verify the signature made by the private key, but cannot be used to make a new signature.
Think of it like presenting your ID at an airport. The ID is trusted not because of who issued it (in that sense, it's "self-signed"), but because the airport has procedures in place for verifying the authenticity of your ID.