OpenShift Bugs: OCPBUGS-1814

specify `add_inheritable_capabilities` on upgrades from 4.11

Details

    • Bug
    • Resolution: Done
    • Normal
    • 4.11.z
    • 4.11.z
    • Node / CRI-O
    • 3
    • OCPNODE Sprint 225 (Green)
    • 1
    • False

    Description

      4.12 will have an option in cri-o, `add_inheritable_capabilities`, which will allow a user to opt out of dropping inheritable capabilities (which comes as a fix for CVE-2022-27652). We should add it by default as a drop-in in 4.11 so clusters that upgrade from it inherit the old behavior.

            People

              pehunt@redhat.com Peter Hunt
              pehunt@redhat.com Peter Hunt