Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-1939

[4.11] specify `add_inheritable_capabilities` on upgrades from 4.11

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Normal
    • 4.11.z
    • 4.11.z
    • Node / CRI-O
    • 3
    • Hide

      None

      Show
      None

    Description

      4.12 will have an option in cri-o: add_inheritable_capabilities which will allow a user to opt-out of dropping inheritable capabilities (which comes as a fix for CVE-2022-27652). We should add it by default as a drop-in in 4.11 so clusters that upgrade from it inherit the old behavior

      Attachments

        Issue Links

          blocks

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OTA-794 Raise the minor_min version for 4.11.z to 4.12.0 upgrade once add_inheritable_capabilities MachineConfig released

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          clones

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-1814 specify `add_inheritable_capabilities` on upgrades from 4.11

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          depends on

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-1814 specify `add_inheritable_capabilities` on upgrades from 4.11

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/machine-config-operator#3352: Jira OCPBUGS-1939: Create a drop-in file for cri-o's add inheritable capabilities

          Activity

            People

              pehunt@redhat.com Peter Hunt
              pehunt@redhat.com Peter Hunt
              Min Li Min Li
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: