Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-13293

Horizon: stop running application as root

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhos-18.0 FR 3
    • None
    • None
    • None

      Pulling comment from OSPRH-9336: Horizon: Operation logs permission denied

      Question is, is there some Django interface that allows us to set the permissions of this log file when it's created?

      Or, maybe the real solution here is to stop running the Horizon application as root.

      https://github.com/openstack-k8s-operators/horizon-operator/blob/main/pkg/horizon/deployment.go#L42

      This would be the preferable solution here, since it's unnecessary to run Horizon as the root user.

      Some examples of other operators moving away from UID 0, like Nova for example:

      https://github.com/openstack-k8s-operators/nova-operator/commit/d644726c0c38667093f336e707f974027f42cbac#diff-a2841f823a9a65317ca2ce32fcea9a4902bc3d7340f2d2e8cd99ef4922c9552f

              Unassigned Unassigned
              omcgonag@redhat.com Owen McGonagle
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: