Bug
Resolution: Done-Errata
Normal
4.12
Description of problem:
oc-compliance should comply with the restricted pod security level
Version-Release number of selected component (if applicable):
4.11.0-rc.1
How reproducible:
Always
Steps to Reproduce:
1. oc compliance fetch-raw scansettingbinding nist-moderate -o resultsdir/
Actual results:
W1003 08:06:07.360522 18102 warnings.go:70] would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Expected results:
The pod should launch without the warnings shown above
Additional info:
Links to:
RHBA-2023:5155 OpenShift Container Platform 4.13.z bug fix update
RHEA-2023:5177 oc-compliance enhancement update
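The warning in the report lists every check of the "restricted" Pod Security Standard that the fetch-raw pod failed. The following is an added example, not code from oc-compliance or from the Kubernetes PodSecurity admission plugin: a small offline checker that evaluates a pod spec against exactly the checks named in that warning, run over two constructed pod specs. The first spec is reconstructed from the warning text (hostNetwork/hostPID, a hostPath volume, a privileged root container with no seccomp profile); the second shows the same container made compliant (PVC instead of hostPath, drop ALL, allowPrivilegeEscalation=false, runAsNonRoot, RuntimeDefault seccomp). Pod names, image references and the claim name are placeholders, and the check set is limited to what the warning quotes (it does not implement the full baseline/restricted profiles).

```python
"""Offline check of a pod spec against the PodSecurity "restricted" checks
quoted in the bug report. Added example; not oc-compliance code and not the
upstream admission controller. Rule set, messages and sample pods are a
hand-written reconstruction of the warning text."""

# Volume types the restricted profile allows (from the Pod Security Standards).
ALLOWED_VOLUME_TYPES = {
    "configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
    "persistentVolumeClaim", "projected", "secret",
}


def _containers(pod):
    spec = pod.get("spec", {})
    return list(spec.get("containers", [])) + list(spec.get("initContainers", []))


def _effective(pod, container, key):
    """Container-level securityContext overrides the pod-level setting."""
    c_sc = container.get("securityContext") or {}
    p_sc = pod.get("spec", {}).get("securityContext") or {}
    return c_sc.get(key, p_sc.get(key))


def restricted_violations(pod):
    """Return the list of restricted-profile violations, in the same order as
    the warning in the report. An empty list means the pod passes these checks."""
    spec = pod.get("spec", {})
    found = []

    host_ns = [f"{k}=true" for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)]
    if host_ns:
        found.append("host namespaces (" + ", ".join(host_ns) + ")")

    for c in _containers(pod):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            found.append(f'privileged (container "{name}" must not set securityContext.privileged=true)')
        # Must be explicitly false; omitting the field is a violation.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append(f'allowPrivilegeEscalation != false (container "{name}" must set securityContext.allowPrivilegeEscalation=false)')
        caps = sc.get("capabilities") or {}
        dropped = {cap.upper() for cap in caps.get("drop", [])}
        added = {cap.upper() for cap in caps.get("add", [])}
        if "ALL" not in dropped:
            found.append(f'unrestricted capabilities (container "{name}" must set securityContext.capabilities.drop=["ALL"])')
        elif added - {"NET_BIND_SERVICE"}:
            found.append(f'unrestricted capabilities (container "{name}" may only add NET_BIND_SERVICE)')

    for vol in spec.get("volumes", []):
        for vtype in (k for k in vol if k != "name"):
            if vtype not in ALLOWED_VOLUME_TYPES:
                found.append(f'restricted volume types (volume "{vol["name"]}" uses restricted volume type "{vtype}")')

    for c in _containers(pod):
        name = c.get("name", "<unnamed>")
        if _effective(pod, c, "runAsNonRoot") is not True:
            found.append(f'runAsNonRoot != true (pod or container "{name}" must set securityContext.runAsNonRoot=true)')
        if _effective(pod, c, "runAsUser") == 0:
            found.append(f'runAsUser=0 (container "{name}" must not set runAsUser=0)')
        seccomp = _effective(pod, c, "seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append(f'seccompProfile (pod or container "{name}" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")')
    return found


# Constructed from the warning in the report; image and names are placeholders.
OFFENDING_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example-fetch-raw"},
    "spec": {
        "hostNetwork": True, "hostPID": True,
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{"name": "container-00",
                        "image": "registry.example.invalid/tools:latest",
                        "securityContext": {"privileged": True, "runAsUser": 0}}],
    },
}

# Same container, made to pass the restricted profile (constructed example).
COMPLIANT_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example-fetch-raw"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
        "volumes": [{"name": "results", "persistentVolumeClaim": {"claimName": "example-results-pvc"}}],
        "containers": [{"name": "container-00",
                        "image": "registry.example.invalid/tools:latest",
                        "volumeMounts": [{"name": "results", "mountPath": "/results", "readOnly": True}],
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "capabilities": {"drop": ["ALL"]}}}],
    },
}

if __name__ == "__main__":
    for label, pod in (("offending", OFFENDING_POD), ("compliant", COMPLIANT_POD)):
        print(f"{label}: {len(restricted_violations(pod))} violation(s)")
        for v in restricted_violations(pod):
            print("  -", v)
```

On a live cluster the equivalent check is to label a scratch namespace with pod-security.kubernetes.io/warn=restricted and create the pod there: the API server then emits the same "would violate PodSecurity" warning shown in the report. Note that a pod reading results from a PVC has no need for host namespaces, a hostPath mount or root; each of those is a separate item the restricted profile rejects.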