Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-2745

argocd-redis-pod should run under the scc "restricted" instead of "nonroot"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • 1.7.0
    • None
    • False
    • None
    • False

      Description of problem:

      In ArgoCD-Instances of the Red Hat OpenShift GitOps-Operator (v1.7.0), the redis pod runs under the security context constraints "nonroot", instead of the scc "restricted":

           securityContext:
        capabilities:
          drop:
            - ALL
            - KILL
            - MKNOD
            - SETGID
            - SETUID
        runAsUser: 999
        runAsNonRoot: true
        allowPrivilegeEscalation: false

      The possible setting of the userid by the developer is a security risk.

      Actual results:

      Pod runs under security context constraints "nonroot"

      Expected results:

      argocd-redis-pod should run under the scc "restricted" instead of "nonroot"

              Unassigned Unassigned
              rhn-support-dkarde Dipak Karde
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: