-
Feature
-
Resolution: Done
-
Critical
-
None
-
Strategic Product Work
-
False
-
-
False
-
0% To Do, 0% In Progress, 100% Done
-
0
-
Program Call
-
-
-
This introduces a big change to how kubernetes pods/containers can be run, and CEE should be made aware of how to configure and debug
-
As a openshift admin i want to make sure my openshift is secure which include container and OS . I want to make sure user access to container or OS is given as per need so we can give enough privileges to user in container to do their work and prevent them escaping out to OS with their container privileges and do harm to the OS and other containers. For example a user with root privileges inside container does not necessarily need to have root privileges in OS.
- TP in 4.17
- GA targeted in 4.18
More DetailsĀ
User namespaces isolate security-related identifiers and attributes, in particular, user IDs and group IDs, the root directory, keys, and capabilities. A process's user and group IDs can be different inside and outside a user namespace. In particular, a process can have a normal unprivileged user ID outside a user namespace while at the same time having a user ID of 0 inside the namespace; in other words, the process has full privileges for operations inside the user namespace, but is unprivileged for operations outside the namespace.
- blocks
-
-
- Accepted
-
-
-
- New
-
-
-
- New
-
- is related to
-
-
- Accepted
-
-
-
- New
-
- relates to
-
AUTH-324 User-namespace-aware SCC
-
- Closed
-
-
-
- Accepted
-
- links to
