Description of problem:
When referring to the OpenShift documentation [-], it states that the allowPrivilegeEscalation must be unset or set to false in security contexts in restricted SCC. However, in the OpenShift clusters, the default value of allowPrivilegeEscalation is set to true, contrary to the recommendation. [-] https://docs.openshift.com/container-platform/4.17/authentication/managing-security-context-constraints.html
Version-Release number of selected component (if applicable):
All 4.z OCP versions
How reproducible:
100%
Steps to Reproduce:
1. Follow the OpenShift documentation regarding allowPrivilegeEscalation configuration, which recommends it being unset or set to false. 2. Create a new OpenShift cluster. 3. Verify the default value of allowPrivilegeEscalation in the restricted scc yaml.
Actual results:
The value of allowPrivilegeEscalation is set to true by default in the restricted scc in the cluster, however is recommended false as per the official OpenShift documentation.
Expected results:
The value of allowPrivilegeEscalation should be false or unset in the restricted scc as stated in the documentation.
Additional info:
Impact: This discrepancy between the documentation and the actual cluster configuration may lead to potential security risks if allowPrivilegeEscalation is inadvertently left set to true in production environments.