OpenShift Bugs: OCPBUGS-1814

specify `add_inheritable_capabilities` on upgrades from 4.11


    • Bug
    • Resolution: Done
    • Normal
    • 4.11.z
    • 4.11.z
    • Node / CRI-O
    • 3
    • OCPNODE Sprint 225 (Green)
    • 1
    • False

4.12 will have an option in cri-o, `add_inheritable_capabilities`, which will allow a user to opt out of dropping inheritable capabilities (which comes as a fix for CVE-2022-27652). We should add it by default as a drop-in in 4.11 so clusters that upgrade from it inherit the old behavior.

            pehunt@redhat.com Peter Hunt