Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: 4.16.0
Affects Version/s: 4.12.z
Component/s: apiserver-auth
Labels:
None

Severity:
Important
Regression:
No
Sprint:
Auth - Sprint 236, Auth - Sprint 237, Auth - Sprint 238, Auth - Sprint 239, Auth - Sprint 240, Auth - Sprint 241, Auth - Sprint 242, Auth - Sprint 243, Auth - Sprint 245, Auth - Sprint 249, Auth - Sprint 250
sprint_count:
11
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

When I create a pod with empty security context as a user that has access to all SCCs, the SCC annotation shows "privileged"

Version-Release number of selected component (if applicable):

4.12

How reproducible:

100%

Steps to Reproduce:

1. create a bare pod with an empty security context
2. look at the "openshift.io/scc" annotation

Actual results:

privileged

Expected results:

anyuid

Additional info:

kind: Pod
apiVersion: v1
metadata:
  name: mypod
spec:
    restartPolicy: Never
    containers:
    - name: fedora
      image: fedora:latest
      command:
      - sleep
      args:
      - "infinity"

Attachments

Issue Links

links to

openshift/apiserver-library-go#117: OCPBUGS-11933: Ignore informative annotations upon admission

openshift/kubernetes#1910: OCPBUGS-11933: UPSTREAM: <drop>: bump apiserver-library-go

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

Activity

People

Assignee:: Ilias Rinis

Reporter:: Stanislav Laznicka

QA Contact:: Deepak Punia

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 2023/04/18 1:59 PM

Updated:: 2024/05/01 5:12 PM