Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1752

Read-Only Root Filesystem for OpenShift Node Tuning Operator (NTO)

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Obsolete
    • Icon: Undefined Undefined
    • None
    • None
    • Node
    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 0% To Do, 0% In Progress, 100% Done
    • 0

      Feature Overview (aka. Goal Summary)  

      The Cluster Node Tuning Operator (NTO) in OpenShift 4.17 is being enhanced with improved security by enforcing the "Principle of Least Privilege" through the addition of a readOnlyRootFilesystem configuration. This change ensures that containers run with a read-only root file system, enhancing the overall security posture by reducing the risk of malicious tampering or accidental changes to the container’s file system.

      https://github.com/openshift/cluster-node-tuning-operator/pull/1099 

              Unassigned Unassigned
              gausingh@redhat.com Gaurav Singh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: