Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: 4.13.z
Component/s: Security Profiles Operator
Labels:
- TestBlocker
- migrated_from_bz

Severity:
Important
Regression:
None
Release Blocker:
Rejected
Architecture:

Unspecified
Release Note Type:
If docs needed, set a value
Release Note Status:
In Progress

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:

Description of problem:

This is ref to bug https://issues.redhat.com/browse/OCPBUGS-29434

with additional data
SPO version is 0.8.2

We ran into this issue while using SPOD with a P3.2XL aws machine. We manually adjusted the default action to SCMP_ACT_LOG.
We then saw the spod pod no longer in CLBO. Looking at the /var/log/audit.log file we noticed the clock_gettime syscall was being logged by the pod.
Manually adjusting the SCMP_ACT_ALLOW syscall list to permit clock_gettime prevented the issue when switching the default action back to SCMP_ACT_ERRNO.

We then provided the fix upstream via
https://github.com/kubernetes-sigs/security-profiles-operator/pull/2121

clones

OCPBUGS-9269 One of the spod pods keeps restarting

Closed

Assignee:: Vincent Shen

Reporter:: Gagan Mahto

QA Contact:: Xiaojie Yuan

Contributing Groups:: Red Hat Employee

Need Info From:: Xiaojie Yuan

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/02/13 6:51 PM

Updated:: 2024/05/14 10:08 PM

Resolved:: 2024/05/14 10:08 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates