- Type: Bug
- Resolution: Done-Errata
- Status: CLOSED
- CNV-net-QE-230
- Medium
Description of problem:
-----------------------
A test run [1] that looks for 'pod security violation' entries in the audit logs, against 4.11.1-20, found a few audit violations.
This bug is to fix the violation in the 'bridge-marker' container.
<snip>
'pod-security.kubernetes.io/audit-violations': 'would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (container "bridge-marker" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "bridge-marker" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "bridge-marker" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "bridge-marker" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")'}}
</snip>
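The audit annotation above lists exactly which "restricted" checks the pod fails. The following checker is an added example, not code from the bug report or from the CNV/KubeVirt project: it runs those same checks over a pod manifest dict and reports violations in the same style, using a constructed manifest that resembles the bridge-marker pod (hostNetwork=true, no securityContext) and a constructed hardened variant.

```python
from typing import Any, Dict, List

# Added example: the restricted-profile checks quoted in the audit-violations
# annotation (host namespaces, allowPrivilegeEscalation, capabilities.drop,
# runAsNonRoot, seccompProfile). Other restricted-profile checks are not covered.


def restricted_violations(pod: Dict[str, Any]) -> List[str]:
    """Return the restricted-profile violations for a pod manifest.

    An empty list means the checks in this example all pass."""
    spec = pod.get("spec", {}) or {}
    pod_sc = spec.get("securityContext", {}) or {}
    violations: List[str] = []
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key) is True:
            violations.append(f"host namespaces ({key}=true)")
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {}) or {}
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f'allowPrivilegeEscalation != false (container "{name}")')
        drop = (sc.get("capabilities", {}) or {}).get("drop", [])
        if "ALL" not in drop:
            violations.append(f'unrestricted capabilities (container "{name}")')
        # runAsNonRoot and seccompProfile may be set at pod or container level;
        # an explicit container-level value overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            violations.append(f'runAsNonRoot != true (pod or container "{name}")')
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            violations.append(f'seccompProfile (pod or container "{name}")')
    return violations


# Constructed sample resembling the reported pod: host networking and no
# securityContext, so every check quoted in the audit message fires.
BRIDGE_MARKER_LIKE = {
    "spec": {"hostNetwork": True, "containers": [{"name": "bridge-marker", "image": "x"}]}
}

# Constructed hardened variant with the settings the audit message demands.
# hostNetwork is omitted here; whether the real component can run without it
# is not decided by this example.
HARDENED = {
    "spec": {
        "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "bridge-marker", "image": "x", "securityContext": {
            "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}],
    }
}

if __name__ == "__main__":
    for v in restricted_violations(BRIDGE_MARKER_LIKE):
        print(v)
    print("hardened:", restricted_violations(HARDENED) or "no violations")
```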
Version-Release number of selected component (if applicable):
-------------------------------------------------------------
4.11.1-20
How reproducible:
-----------------
Always
Expected results:
-----------------
No audit violations to be found
- blocks: CNV-18561 [2089744] HCO should label its control plane namespace to admit pods at privileged security level (Closed)
- external trackers