
Platform Compatibility

cloudtaser runs on any Kubernetes cluster with Linux nodes. The protection score and the synchronous-vs-reactive enforcement posture both vary by node distribution due to kernel-config differences in CONFIG_BPF_KPROBE_OVERRIDE and the ALLOW_ERROR_INJECTION allow-list. The matrix below summarises the kernel-team-endorsed posture per managed-K8s offering and per common self-managed distro.

Process-memory-access enforcement: BPF LSM matrix

The table below shows whether process_vm_readv, ptrace, and /proc/PID/mem are synchronously blocked or not blocked (detect-only: the read succeeds and the secret is disclosed; reactive kill fires after the fact but does not prevent extraction) on each platform. The blocking mechanism is the BPF LSM hook lsm_ptrace_access_check, which returns -EPERM before the syscall executes. This is independent of CONFIG_BPF_KPROBE_OVERRIDE.

| Distro / runtime | bpf in boot-time LSM stack | process_vm_readv / ptrace / /proc/PID/mem | Notes |
|---|---|---|---|
| GKE COS (incl. Confidential Computing) | Yes | Blocked (verified) | Verified live on COS 6.12 with cloudtaser-ebpf v0.4.54: lsm_ptrace_access_check attaches and returns EPERM |
| GKE Ubuntu | Expected yes | Blocked if bpf in LSM stack | Not yet independently verified by CloudTaser; verify on your nodes |
| EKS Bottlerocket | Unknown | Blocked if bpf in LSM stack | Not yet independently verified by CloudTaser; docs#238 flagged Bottlerocket as a kernel without enforcement |
| EKS Amazon Linux 2023 | Unknown | Blocked if bpf in LSM stack | Not yet independently verified by CloudTaser |
| AKS Azure Linux 3.0+ | Unknown | Blocked if bpf in LSM stack | Not yet independently verified by CloudTaser |
| AKS Ubuntu 22.04 | Unknown | Blocked if bpf in LSM stack | Not yet independently verified by CloudTaser |
| k3s on Ubuntu (default) | Depends on distro kernel | Blocked if bpf in LSM stack | Verify with cat /sys/kernel/security/lsm on your nodes |
| Talos Linux | Expected yes | Blocked if bpf in LSM stack | Not yet independently verified by CloudTaser |
| Kernel without bpf in LSM stack | No | Not blocked (detect-only) | Read succeeds; secret disclosed. Reactive kill fires after the fact but does not prevent extraction. Add bpf to lsm= boot parameter or use GKE CC/COS |
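To check the first column of this matrix on your own nodes, the script below is an added example (not cloudtaser's own tooling). It assumes the boot-time stack is read from /sys/kernel/security/lsm, the same file the k3s row points at, and that an explicit lsm= boot parameter replaces the kernel's built-in CONFIG_LSM default list, so the fix appends bpf to the existing list rather than booting with lsm=bpf alone. The sample stacks and command line are constructed, not captured from a real node.

```shell
#!/bin/sh
# Added example, not cloudtaser's own code: decide from the boot-time LSM
# stack whether the bpf LSM is present, and so whether the
# lsm_ptrace_access_check path can block process_vm_readv / ptrace /
# /proc/PID/mem on this node (the "Blocked" vs "Not blocked" column above).
# Assumption: the live stack is the comma-separated content of
# /sys/kernel/security/lsm; the samples below are constructed.

# lsm_has_bpf STACK -> exit 0 if "bpf" is an entry of the comma-separated STACK
lsm_has_bpf() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx 'bpf'
}

# memory_access_posture STACK -> prints the matrix wording for this stack
memory_access_posture() {
    if lsm_has_bpf "$1"; then
        printf 'Blocked\n'
    else
        printf 'Not blocked (detect-only)\n'
    fi
}

# lsm_cmdline_fix CMDLINE -> prints the lsm= parameter to boot with so that
# bpf ends up in the stack. An explicit lsm= replaces the kernel's built-in
# CONFIG_LSM default, so bpf is appended to the list already on the command
# line. If there is no lsm= parameter at all, print nothing and return 1:
# in that case start from the kernel's CONFIG_LSM string, not from "lsm=bpf".
lsm_cmdline_fix() {
    param=$(printf '%s\n' "$1" | tr ' ' '\n' | grep '^lsm=' | head -n 1)
    [ -n "$param" ] || return 1
    stack=${param#lsm=}
    if lsm_has_bpf "$stack"; then
        printf '%s\n' "$param"
    else
        printf 'lsm=%s,bpf\n' "$stack"
    fi
}

# Constructed sample inputs (not captured from any real node)
SAMPLE_STACK_WITH_BPF='lockdown,capability,landlock,yama,apparmor,bpf'
SAMPLE_STACK_WITHOUT_BPF='lockdown,capability,yama,apparmor'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 lsm=lockdown,yama,apparmor'

# Live check on the current node, skipped where securityfs is not readable
if [ -r /sys/kernel/security/lsm ]; then
    live=$(cat /sys/kernel/security/lsm)
    printf 'this node: %s -> %s\n' "$live" "$(memory_access_posture "$live")"
fi
printf 'sample with bpf:    %s\n' "$(memory_access_posture "$SAMPLE_STACK_WITH_BPF")"
printf 'sample without bpf: %s\n' "$(memory_access_posture "$SAMPLE_STACK_WITHOUT_BPF")"
printf 'boot parameter fix: %s\n' "$(lsm_cmdline_fix "$SAMPLE_CMDLINE")"
```

Run it on a node (for example from a privileged debug pod or over SSH) to see the live line; the sample lines run anywhere. The match is on the whole entry, so a stack entry such as bpfx does not count as bpf.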

AMD SEV / Confidential Computing is complementary, not a substitute

AMD SEV-SNP (and Intel TDX, ARM CCA) protects guest memory from the hypervisor -- the cloud provider cannot inspect VM RAM. cloudtaser's BPF LSM enforcement protects secrets from in-guest privileged processes (e.g., a hostPID pod or a container escape to root). A process_vm_readv call originates inside the guest -- SEV does not block it. The BPF LSM hook does. The two layers are complementary: SEV closes the hypervisor gap; BPF LSM closes the in-guest gap.


Synchronous-blocking eBPF security: per-distro matrix

| Distro / runtime | BPF_KPROBE_OVERRIDE | BPF_LSM | Synchronous-blocking eBPF security? | Recommendation |
|---|---|---|---|---|
| GKE COS (5.15 / 6.1 / 6.6) | No | Yes | LSM-only (post-#174); detect+kill on the kprobe path today | Supported; pair with Ubuntu nodes for double-coverage today |
| GKE Ubuntu (linux-gke 6.8+) | Yes | Yes | Full (LSM + kprobe override on the override-allowed subset; perf_event_open migrates via #175) | Recommended for highest assurance today |
| EKS Bottlerocket | No | Yes | LSM-only (post-#174); detect+kill on the kprobe path today | Same posture as GKE COS |
| EKS Amazon Linux 2023 | Yes | Yes | Full | Closer to upstream default; same posture as Ubuntu |
| AKS Azure Linux 3.0+ | Yes | Yes | Full | BPF_KPROBE_OVERRIDE recently added; same posture as Ubuntu |
| AKS Ubuntu 22.04 | Yes | Yes | Full | Baseline |
| k3s on Ubuntu | Yes | Yes | Full | Full control over kernel config |
| Talos Linux | No (lockdown) | Yes | LSM-only (post-#174) | COS-philosophy: production-hardened distro that disables error_injection |

Reading the matrix:

  • BPF_KPROBE_OVERRIDE = Yes means bpf_override_return() works on this kernel — eBPF programs can synchronously prevent a syscall from executing. cloudtaser uses this for ~15 of 16 enforced syscalls on Ubuntu / AL2023 / AKS Azure Linux today.
  • BPF_LSM = Yes means CONFIG_BPF_LSM=y is compiled into the kernel and bpf_lsm_* hook attach is available. This is the kernel-team-endorsed path for synchronous policy in production and is supported across both Ubuntu and COS / Bottlerocket / Talos.
  • Synchronous-blocking eBPF security? is the user-visible enforcement posture. "Full" means cloudtaser's syscall-blocking programs return the deny verdict before the syscall completes. "LSM-only (post-#174)" means the kprobe path is unavailable and the LSM-hook re-route is the path forward; today, those distros run in detect+kill mode on the kprobe path while the wrapper's dumpable=0 (+5) provides the synchronous baseline.

Why some distros disable BPF_KPROBE_OVERRIDE

bpf_override_return() was originally designed for kernel-developer error-injection testing and depends on a per-syscall ALLOW_ERROR_INJECTION allow-list that is intentionally narrow. Production-hardened distros (COS, Bottlerocket, Talos) treat error-injection as a debug-only feature and ship with CONFIG_BPF_KPROBE_OVERRIDE=n. The kernel-team-endorsed alternative is BPF LSM, which is supported across all of them — that's why cloudtaser-ebpf#174 is a strategic migration rather than a tactical workaround.


Protection score by platform

The matrix below shows the achievable protection score today and the post-migration target. See Protection Score Reference for the per-check breakdown.

| Platform | Achievable Today | Target (post-#175) | Path to Maximum |
|---|---|---|---|
| GKE Ubuntu + Confidential Nodes | 100 | 115 | Already on the recommended path |
| GKE Ubuntu (non-confidential) | 90 | 105 | Add --enable-confidential-nodes |
| GKE COS + Confidential Nodes | 85 | 100 (post-#174) | Switch to --image-type UBUNTU_CONTAINERD for full kprobe today |
| GKE COS (non-confidential) | 75 | 90 (post-#174) | Switch to Ubuntu + Confidential |
| EKS Amazon Linux 2023 | 90 | 105 | No AWS confidential equivalent yet |
| EKS Bottlerocket | 75 | 90 (post-#174) | Same posture as GKE COS — pair with Ubuntu nodes for double-coverage |
| AKS Ubuntu 22.04 | 90 | 105 | Use DCasv5 / ECasv5 Confidential VMs |
| AKS Azure Linux 3.0+ | 90 | 105 | Newly supports BPF_KPROBE_OVERRIDE; same posture as Ubuntu |
| k3s on Ubuntu | 90 | 105 | Full control — pick the kernel and hardware |
| Talos Linux | 75 | 90 (post-#174) | Same posture as COS / Bottlerocket |

For the highest protection score available today (100/115), use GKE with Ubuntu node images and Confidential Nodes:

gcloud container node-pools create cloudtaser-pool \
  --cluster=my-cluster \
  --image-type=UBUNTU_CONTAINERD \
  --enable-confidential-nodes \
  --machine-type=n2d-standard-4

This is the only managed-Kubernetes option that combines memfd_secret (kernel-invisible memory, +15), CONFIG_BPF_KPROBE_OVERRIDE=y on the override-allowed subset (synchronous block on 15 of 16 enforced syscalls, +15 once perf_event_open migrates), and AMD SEV-SNP confidential compute (+10).

See GKE Deployment Guide for a step-by-step walkthrough.


Why scores differ — feature drilldown

memfd_secret (15 points)

memfd_secret() creates memory regions invisible to the kernel itself. Requires CONFIG_SECRETMEM=y in the kernel.

  • Available on: GKE (COS + Ubuntu), AKS Azure Linux, EKS AL2023, kernels 5.14+ with CONFIG_SECRETMEM
  • Missing on: AKS Ubuntu 22.04 (Azure kernel disables CONFIG_SECRETMEM despite 5.14+ kernel)
  • Fallback: memfd_create + mlock — secrets still protected from swap and core dumps but visible to kernel modules

kprobe override enforcement (15 points)

bpf_override_return() allows the eBPF agent to synchronously block syscalls (for example, prevent /proc/PID/environ reads from sibling cgroups). Requires both:

  1. CONFIG_BPF_KPROBE_OVERRIDE=y in the running kernel, and
  2. The target syscall function present in the upstream kernel's ALLOW_ERROR_INJECTION allow-list.

Both gates are necessary. kprobe_perf_event_open will never load on stock kernels because do_sys_perf_event_open is not in the allow-list upstream — see cloudtaser-ebpf#175 for the migration to bpf_lsm_perf_event_open.

  • Available on: Ubuntu kernels (Canonical enables this by default), AL2023, AKS Azure Linux 3.0+, k3s on Ubuntu
  • Missing on: COS, Bottlerocket, Talos (production-hardened distros disable error-injection)
  • Fallback: Reactive kill — the agent detects the violation via tracepoint and SIGKILLs the process. The wrapper's dumpable=0 (+5) provides a synchronous baseline that is independent of kprobe override.
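The following script is an added example, not cloudtaser's own tooling, that checks on a node the kernel gates named in the memfd_secret section and in the kprobe override section above: CONFIG_SECRETMEM for memfd_secret, and the two gates for bpf_override_return(), CONFIG_BPF_KPROBE_OVERRIDE=y plus the target function's presence in the ALLOW_ERROR_INJECTION allow-list. It assumes the running kernel's config is readable at /boot/config-$(uname -r) or /proc/config.gz, and that the allow-list is exposed by debugfs at /sys/kernel/debug/error_injection/list (one whitespace-separated "function type" line per entry; needs CONFIG_FUNCTION_ERROR_INJECTION and a mounted debugfs). The sample config texts and allow-list are constructed; the two allow-listed symbol names in the sample are made up.

```shell
#!/bin/sh
# Added example, not cloudtaser's own code: evaluate the per-node kernel
# gates from the feature drilldown. All SAMPLE_* inputs are constructed.
# Assumptions: config at /boot/config-$(uname -r) or /proc/config.gz;
# allow-list at /sys/kernel/debug/error_injection/list.

# kconfig_enabled CONFIG_TEXT OPTION -> exit 0 if the line "OPTION=y" is present
kconfig_enabled() {
    printf '%s\n' "$1" | grep -qx "$2=y"
}

# in_error_injection_list LIST_TEXT FUNCTION -> exit 0 if FUNCTION is the
# first field of some line (the debugfs file lists "<function> <type>")
in_error_injection_list() {
    printf '%s\n' "$1" | awk -v f="$2" '$1 == f { found = 1 } END { exit found ? 0 : 1 }'
}

# secretmem_posture CONFIG_TEXT -> which secret-memory backend applies
secretmem_posture() {
    if kconfig_enabled "$1" CONFIG_SECRETMEM; then
        printf 'memfd_secret\n'
    else
        printf 'fallback: memfd_create + mlock\n'
    fi
}

# override_posture CONFIG_TEXT LIST_TEXT FUNCTION -> enforcement posture of one
# kprobe-override program on this kernel. Both gates must pass for "Full";
# a function missing from the allow-list means the program cannot load, so
# only the tracepoint-based reactive kill remains on that path.
override_posture() {
    if ! kconfig_enabled "$1" CONFIG_BPF_KPROBE_OVERRIDE; then
        printf 'detect+kill on the kprobe path (CONFIG_BPF_KPROBE_OVERRIDE=n)\n'
    elif ! in_error_injection_list "$2" "$3"; then
        printf 'detect+kill (%s not in the error-injection allow-list; program will not load)\n' "$3"
    else
        printf 'Full (synchronous block via bpf_override_return)\n'
    fi
}

# Constructed sample kernel configs: an Ubuntu-style and a COS-style fragment
SAMPLE_CFG_UBUNTU='CONFIG_BPF_LSM=y
CONFIG_BPF_KPROBE_OVERRIDE=y
CONFIG_SECRETMEM=y'
SAMPLE_CFG_COS='CONFIG_BPF_LSM=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
CONFIG_SECRETMEM=y'
# Constructed allow-list; the symbol names are made up, not real kernel functions
SAMPLE_EI_LIST='example_allowed_fn ERRNO
another_allowed_fn NULL'

# kconfig_live -> prints the running kernel's config if one of the usual
# locations is readable, otherwise nothing
kconfig_live() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    fi
}

# Live check on the current node, skipped when the files are not available
live_cfg=$(kconfig_live)
if [ -n "$live_cfg" ]; then
    printf 'this node memfd_secret: %s\n' "$(secretmem_posture "$live_cfg")"
    if [ -r /sys/kernel/debug/error_injection/list ]; then
        live_list=$(cat /sys/kernel/debug/error_injection/list)
        printf 'this node perf_event_open path: %s\n' \
            "$(override_posture "$live_cfg" "$live_list" do_sys_perf_event_open)"
    fi
fi
printf 'sample Ubuntu, allow-listed fn: %s\n' \
    "$(override_posture "$SAMPLE_CFG_UBUNTU" "$SAMPLE_EI_LIST" example_allowed_fn)"
printf 'sample Ubuntu, perf_event_open: %s\n' \
    "$(override_posture "$SAMPLE_CFG_UBUNTU" "$SAMPLE_EI_LIST" do_sys_perf_event_open)"
printf 'sample COS, allow-listed fn:    %s\n' \
    "$(override_posture "$SAMPLE_CFG_COS" "$SAMPLE_EI_LIST" example_allowed_fn)"
```

On a real node the live lines show why an otherwise "Full" Ubuntu kernel still reports detect+kill for do_sys_perf_event_open: the config gate passes but the allow-list gate does not, which is the gap cloudtaser-ebpf#175 closes by moving that check to bpf_lsm_perf_event_open.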

BPF LSM — the strategic path forward

CONFIG_BPF_LSM=y is supported across all the distros in the matrix above, including COS / Bottlerocket / Talos. BPF LSM hooks (bpf_lsm_*) are the kernel-team-endorsed mechanism for synchronous BPF policy in production. cloudtaser-ebpf#174 tracks the strategic migration of cloudtaser's enforcement programs from kprobe override to BPF LSM hooks. Once that ships, all distros in the matrix reach synchronous-block parity on the cloudtaser-enforced syscalls.


Composing with other BPF LSM tools

cloudtaser-ebpf does not occupy the entire BPF LSM stack. BPF LSM-based tools compose cleanly with cloudtaser — they hook different LSM call sites and do not conflict with cloudtaser's syscall-blocking programs:

  • Tetragon — Cilium's runtime security observability and enforcement. Synchronous policy via BPF LSM hooks; fully supported on COS / Bottlerocket / Talos.
  • KubeArmor — runtime policy via BPF LSM and AppArmor / SELinux fallback. Strong on file-path policy and process whitelisting per container.

A forthcoming comparison page on cloudtaser.io will document recommended pairings and threat-model overlap — see cloudtaser-io-website#277.


Remaining 15 points

Two checks require infrastructure changes not always available on standard managed Kubernetes:

  • cpu_mitigations (5 pts) — kernel boot parameters for CPU vulnerability mitigations. Not configurable on most managed K8s offerings.
  • confidential_vm (10 pts) — AMD SEV-SNP / Intel TDX hardware memory encryption. Requires specific VM types (GKE: --enable-confidential-nodes; AKS: DCasv5 / ECasv5; AWS: no managed equivalent yet).
