  1. OpenShift Cloud Credential Operator
  2. CCO-385

readOnlyRootFilesystem should be explicitly set to true and, if required, to false for security reasons


    • OCPSTRAT-1699 - Configure containers to set readOnlyRootFilesystem to true

      1. Proposed title of this feature request
      [openshift-cloud-credential-operator] - readOnlyRootFilesystem should be explicitly set to true and, if required, to false for security reasons

      2. What is the nature and description of the request?
      According to security best practice, it's recommended to set readOnlyRootFilesystem: true for all containers running on Kubernetes. Given that openshift-cloud-credential-operator does not set that explicitly, it's requested that this be evaluated and, if possible, set to readOnlyRootFilesystem: true, or otherwise to readOnlyRootFilesystem: false with a potential explanation of why the file system needs to be writable.

      3. Why does the customer need this? (List the business requirements here)
      Extensive security audits are run on OpenShift Container Platform 4 and are highlighting that many vendor-specific containers fail to set readOnlyRootFilesystem: true or else to justify why readOnlyRootFilesystem: false is set.

      4. List any affected packages or components.
      openshift-cloud-credential-operator

              jstuever@redhat.com Jeremiah Stuever
              julim Ju Lim
              Jianping Shu Jianping Shu
              Jeana Routh Jeana Routh
              Jeremiah Stuever Jeremiah Stuever
              Jeremiah Stuever Jeremiah Stuever
              Ju Lim Ju Lim
              Eric Rich Eric Rich
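The kind of check the audits described in this request perform, as an added example (not code from this issue or from the operator): it reports, per container, whether readOnlyRootFilesystem is explicitly true, explicitly false, or not set at all. It assumes the Deployment manifest is available as JSON (for example from `oc get deployment <name> -o json`); the function name, struct subset and sample manifest are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ReadOnlyRootFilesystem is a *bool, as in the Kubernetes API, so an absent
// field (nil) stays distinguishable from an explicit false.
type container struct {
	Name            string `json:"name"`
	SecurityContext *struct {
		ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem"`
	} `json:"securityContext"`
}

type deployment struct {
	Spec struct {
		Template struct {
			Spec struct {
				InitContainers []container `json:"initContainers"`
				Containers     []container `json:"containers"`
			} `json:"spec"`
		} `json:"template"`
	} `json:"spec"`
}

// auditReadOnlyRootFS (hypothetical helper) maps each container name to "true", "false" or "unset".
func auditReadOnlyRootFS(manifest []byte) (map[string]string, error) {
	var d deployment
	if err := json.Unmarshal(manifest, &d); err != nil {
		return nil, err
	}
	out := map[string]string{}
	ps := d.Spec.Template.Spec
	for _, c := range append(ps.InitContainers, ps.Containers...) {
		out[c.Name] = "unset" // no securityContext, or the field is absent from it
		if c.SecurityContext != nil && c.SecurityContext.ReadOnlyRootFilesystem != nil {
			out[c.Name] = fmt.Sprint(*c.SecurityContext.ReadOnlyRootFilesystem)
		}
	}
	return out, nil
}

// Constructed sample manifest; the container names are invented for illustration.
const sample = `{"spec":{"template":{"spec":{"initContainers":[{"name":"init"}],"containers":[
 {"name":"operator","securityContext":{"readOnlyRootFilesystem":true}},
 {"name":"sidecar","securityContext":{"readOnlyRootFilesystem":false}},{"name":"legacy","securityContext":{}}]}}}}`

func main() { fmt.Println(auditReadOnlyRootFS([]byte(sample))) }
```

Containers reported as "unset" are the ones this request asks to have evaluated; those reported as "false" are the ones that would need an accompanying explanation.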