Details
- Bug
- Resolution: Done
- Normal
- 4.11.z
- 3
Description
4.12 will have an option in cri-o, `add_inheritable_capabilities`, which will allow a user to opt out of dropping inheritable capabilities (which comes as a fix for CVE-2022-27652). We should add it by default as a drop-in in 4.11 so clusters that upgrade from it inherit the old behavior.
Issue Links
- blocks
  - OTA-794 Raise the minor_min version for 4.11.z to 4.12.0 upgrade once add_inheritable_capabilities MachineConfig released (Closed)
- clones
  - OCPBUGS-1814 specify `add_inheritable_capabilities` on upgrades from 4.11 (Closed)
- depends on
  - OCPBUGS-1814 specify `add_inheritable_capabilities` on upgrades from 4.11 (Closed)
- links to