# DevOpsDayIndia
Containers and orchestrators have abstracted away the process of developing and shipping applications, but security still seems to be heavily reliant on the underlying infrastructure.
We have static analysers in place to detect already known vulnerabilities and recognise anti-patterns, but zero-day vulnerabilities manifest at runtime, and no static detection can prevent them.
We need to set up a least-permissive perimeter for our containerised workloads to detect and stop malicious actors, and a convenient, declarative way to enforce that least-permissive setting.
There is a need for a declarative policy management system for Mandatory Access Control in containerised workloads, where the underlying infrastructure is abstracted away.
Primitives that provide the necessary mechanisms to protect our containerised workloads already exist, but they have a learning curve and need to be well integrated with our cloud native ecosystem, especially container runtimes and orchestrators.
There have been efforts to bridge these gaps, like PodSecurityContext in Kubernetes, but we can build on them to create more holistic tooling.
KubeArmor is a CNCF Sandbox project that leverages eBPF and LSM superpowers to abstract away these complexities and help protect modern cloud native workloads.
This talk will address how we bridge this gap by combining information from container runtimes, the Kubernetes API and eBPF observability to enforce runtime security using Linux kernel primitives.
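As an added illustration of the declarative, least-permissive policy the abstract argues for (not code from the talk or from the KubeArmor project), the following `KubeArmorPolicy` applies to pods selected by a constructed `app: web` label, blocks interactive shells from starting inside them, and makes `/etc/` read-only while auditing any write attempts. Pod labels, the policy name and the namespace are assumptions.

```yaml
# Added example: a least-permissive KubeArmor policy for a web workload.
# The selector label (app: web), the namespace and the name are constructed.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: web-least-permissive        # constructed name
  namespace: default                # constructed namespace
spec:
  severity: 5
  tags: ["shell", "config-tamper"]
  message: "shell spawn or /etc write blocked by policy"
  selector:
    matchLabels:
      app: web                      # constructed pod label
  # Process rule: a web server has no reason to spawn a shell at runtime.
  # Enforced via the LSM, so it holds even for a zero-day that lands a
  # foothold inside the container.
  process:
    matchPaths:
      - path: /bin/sh
      - path: /bin/bash
      - path: /usr/bin/sh
      - path: /usr/bin/bash
  # File rule: configuration under /etc/ may be read but never modified.
  # Block drops the write; KubeArmor emits an alert for the attempt.
  file:
    matchDirectories:
      - dir: /etc/
        recursive: true
        readOnly: true
  action:
    Block
```

Apply it with `kubectl apply -f` and observe enforcement events with `karmor logs`; matched attempts are logged with the policy name and the calling process, which is the runtime signal static analysis cannot provide.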