u/Front_Artist2491

Hey folks,

I just released a tool to mitigate CVE-2026-31431 using eBPF.

If you're tired of manually configuring seccomp profiles across your clusters, this might be for you. It's deployed as a simple DaemonSet and handles the exploit attempt based on your kernel version:

  • On supported kernels: It prevents the application from opening sockets with AF_ALG.
  • On older kernels: It sends a SIGKILL to the process attempting the call.

All it takes is a single DaemonSet deployment. Check it out here:
https://github.com/iwanhae/copyfail-ebpf-k8s

Hope you find it useful! :-)

u/Front_Artist2491 — 21 days ago
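
To confirm which of the two behaviours described in the post is in effect on a node, a check like the following can be run inside a pod. It is an added example, not part of the original post or the linked project; the verdict names, the child's exit codes and the treatment of EPERM/EACCES as "denied" are assumptions of this sketch.

```python
import signal
import subprocess
import sys

# Child process: try to create an AF_ALG socket and report the result through
# its exit code. It runs separately so that a SIGKILL from the mitigation
# terminates the child rather than this checker.
# 38 is the value of AF_ALG on Linux; exit codes 3/4/5 are this example's own.
CHILD = r"""
import errno, socket, sys
try:
    socket.socket(getattr(socket, "AF_ALG", 38), socket.SOCK_SEQPACKET, 0).close()
except OSError as e:
    if e.errno in (errno.EPERM, errno.EACCES):
        sys.exit(3)   # creation refused (assumed to be how a block shows up)
    if e.errno == errno.EAFNOSUPPORT:
        sys.exit(4)   # kernel offers no AF_ALG at all
    sys.exit(5)       # some other socket error
"""

VERDICTS = ("allowed", "denied", "killed", "unavailable", "other")


def classify(returncode):
    """Map a subprocess return code to a verdict.

    subprocess reports death by signal N as the negative value -N.
    """
    if returncode == -signal.SIGKILL:
        return "killed"        # the "older kernels" behaviour from the post
    if returncode == 0:
        return "allowed"       # socket was created: nothing is blocking AF_ALG
    if returncode == 3:
        return "denied"        # the "supported kernels" behaviour from the post
    if returncode == 4:
        return "unavailable"
    return "other"


def probe():
    """Run the child once and return the verdict for this node/pod."""
    result = subprocess.run([sys.executable, "-c", CHILD])
    return classify(result.returncode)


if __name__ == "__main__":
    print("AF_ALG socket creation:", probe())
```

A verdict of `allowed` in a pod on a node where the DaemonSet is expected to be running means AF_ALG sockets can still be opened from that pod.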