  1. OpenShift Bugs
  2. OCPBUGS-1939

[4.11] specify `add_inheritable_capabilities` on upgrades from 4.11


Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Done
    • 4.11.z
    • 4.11.z
    • Node / CRI-O
    • 3

    Description

      4.12 will have an option in cri-o, `add_inheritable_capabilities`, which will allow a user to opt out of dropping inheritable capabilities (which comes as a fix for CVE-2022-27652). We should add it by default as a drop-in in 4.11 so clusters that upgrade from it inherit the old behavior.


            People

              pehunt@redhat.com Peter Hunt
              pehunt@redhat.com Peter Hunt
              Min Li Min Li