Add a linux-security doc entry

Signed-off-by: Itamar Holder <[email protected]>

Author: iholder101

content/en/docs/concepts/security/linux-security.md

@@ -1,10 +1,7 @@
 ---
 reviewers:
-- jayunit100
-- jsturtevant
-- marosset
-- perithompson
-title:    Security For Windows Nodes
+- lmktfy
+title: Security For Linux Nodes
 content_type: concept
 weight: 40
 ---
@@ -17,46 +14,16 @@ This page describes security considerations and best practices specific to the L
 
 ## Protection for Secret data on nodes
 
-On Windows, data from Secrets are written out in clear text onto the node's local
-storage (as compared to using tmpfs / in-memory filesystems on Linux). As a cluster
-operator, you should take both of the following additional measures:
+On Linux nodes, memory-backed volumes (such as [`secret`](/docs/concepts/configuration/secret/)
+volume mounts, or [`emptyDir`](/docs/concepts/storage/volumes/#emptydir) with `medium: Memory`)
+are implemented with a `tmpfs` filesystem.
 
-1. Use file ACLs to secure the Secrets' file location.
-1. Apply volume-level encryption using
-   [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server).
+If you have swap configured and use an older Linux kernel (or a current kernel and an unsupported configuration of Kubernetes),
+**memory** backed volumes can have data written to persistent storage.
 
-## Container users
+The Linux kernel officially supports the `noswap` option from version 6.3,
+therefore it is recommended the used kernel version is 6.3 or later,
+or supports the `noswap` option via a backport, if swap is enabled on the node.
 
-[RunAsUsername](/docs/tasks/configure-pod-container/configure-runasusername)
-can be specified for Windows Pods or containers to execute the container
-processes as specific user. This is roughly equivalent to
-[RunAsUser](/docs/concepts/security/pod-security-policy/#users-and-groups).
-
-Windows containers offer two default user accounts, ContainerUser and ContainerAdministrator.
-The differences between these two user accounts are covered in
-[When to use ContainerAdmin and ContainerUser user accounts](https://docs.microsoft.com/virtualization/windowscontainers/manage-containers/container-security#when-to-use-containeradmin-and-containeruser-user-accounts)
-within Microsoft's _Secure Windows containers_ documentation.
-
-Local users can be added to container images during the container build process.
-
-{{< note >}}
-
-* [Nano Server](https://hub.docker.com/_/microsoft-windows-nanoserver) based images run as
-  `ContainerUser` by default
-* [Server Core](https://hub.docker.com/_/microsoft-windows-servercore) based images run as
-  `ContainerAdministrator` by default
-
-{{< /note >}}
-
-Windows containers can also run as Active Directory identities by utilizing
-[Group Managed Service Accounts](/docs/tasks/configure-pod-container/configure-gmsa/)
-
-## Pod-level security isolation
-
-Linux-specific pod security context mechanisms (such as SELinux, AppArmor, Seccomp, or custom
-POSIX capabilities) are not supported on Windows nodes.
-
-Privileged containers are [not supported](/docs/concepts/windows/intro/#compatibility-v1-pod-spec-containers-securitycontext)
-on Windows.
-Instead [HostProcess containers](/docs/tasks/configure-pod-container/create-hostprocess-pod)
-can be used on Windows to perform many of the tasks performed by privileged containers on Linux.
+Read [swap memory management](/docs/concepts/cluster-administration/swap-memory-management/#memory-backed-volumes)
+for more info.