Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.17
Component/s: Networking / On-Prem Host Networking
Labels:
None

Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.17.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

During a security audit, questions were raised about why a number of our containers run privileged. The short answer is that they are doing things that require more permissions than a regular container, but what is not clear is whether we could accomplish the same thing by adding individual capabilities. If it is not necessary to run them fully privileged then we should stop doing that. If it is necessary for some reason we'll need to document why the container must be privileged.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

links to

openshift/machine-config-operator#4443: OCPBUGS-36175: Remove privileged flag from on-prem containers

RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update

Assignee:: Benjamin Nemec

Reporter:: Benjamin Nemec

QA Contact:: Zhanqi Zhao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/06/25 3:34 PM

Updated:: 2024/08/15 3:06 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates