-
Bug
-
Resolution: Done-Errata
-
Major
-
None
-
False
-
-
False
-
CLOSED
-
---
-
---
-
Medium
-
None
Description of problem:
-----------------------
Test run[1] that looks for 'pod security violation entries' in audit logs,against 4.11.1-20, found few audit violation.
This bug is to fix violation in 'cdi-source-update-poller' container.
<snip>
'pod-security.kubernetes.io/audit-violations': 'would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "cdi-source-update-poller" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "cdi-source-update-poller" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "cdi-source-update-poller" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "cdi-source-update-poller" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")'}}
</snip>
Version-Release number of selected component (if applicable):
-------------------------------------------------------------
4.11.1-20
How reproducible:
-----------------
Always
Expected results:
-----------------
No audit-violation to be found