XMLWordPrintable

    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 100% To Do, 0% In Progress, 0% Done
    • 0

      Feature Overview (aka. Goal Summary)  

      Control Plane containers to have isolated permissions to protect the host and each other from potential security threats. 

      In OpenShift 4.17 there's a new feature that allows running containers in Linux user namespaces (https://docs.openshift.com/container-platform/4.17/nodes/pods/nodes-pods-user-namespaces.html). 

      This feature would enable the control plane containers to leverage this functionality to further protect the host.

      Why Is User Namespace Isolation Important?

      Default Setup: Containers usually run in the host's root namespace, sometimes required for specific features.

      Security Risk: Running in the host namespace can allow container breakouts, where a container process could access or modify files on the host or other containers.

      OCPSTRAT-1654 adds full support to user namespaces in pods.

              racedoro@redhat.com Ramon Acedo
              racedoro@redhat.com Ramon Acedo
              Matthew Werner Matthew Werner
              Abu H Kashem Abu H Kashem
              Ramon Acedo Ramon Acedo
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: