Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-2745

argocd-redis-pod should run under the scc "restricted" instead of "nonroot"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • 1.7.0
    • None
    • False
    • None
    • False

      Description of problem:

      In ArgoCD-Instances of the Red Hat OpenShift GitOps-Operator (v1.7.0), the redis pod runs under the security context constraints "nonroot", instead of the scc "restricted":

           securityContext:
        capabilities:
          drop:
            - ALL
            - KILL
            - MKNOD
            - SETGID
            - SETUID
        runAsUser: 999
        runAsNonRoot: true
        allowPrivilegeEscalation: false

      The possible setting of the userid by the developer is a security risk.

      Actual results:

      Pod runs under security context constraints "nonroot"

      Expected results:

      argocd-redis-pod should run under the scc "restricted" instead of "nonroot"

            Unassigned Unassigned
            rhn-support-dkarde Dipak Karde
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: