Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-372

Debug pod causes PodSecurity warning

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Undefined
    • None
    • 4.11
    • oc
    • None
    • Moderate
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      When doing an "oc debug node/worker0", a warning is shown about violating the PodSecurity.

      $ oc debug node/pwk-2
      Warning: would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      Starting pod/pwk-2-debug ...

      Version-Release number of selected component (if applicable):

      How reproducible:

      always

      Steps to Reproduce:
      1.do "oc debug node/$NODE"
      2.
      3.

      Actual results:

      PodSecurity warning is displayed

      Expected results:

      no warning

      Additional info:

      Attachments

        Issue Links

          duplicates

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-852 oc debug requires a user to create a namespace with specific security labels

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed

          Activity

            People

              rhn-coreos-sponnaga Sudha Ponnaganti
              joherr John Herr
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: