Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-3292

Add `runAsGroup` parameter in SecurityContextConstraint to control GID assigned to the pod.

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Minor
    • None
    • None
    • API, Pod
    • False
    • None
    • False
    • Not Selected
    • 0
    • 0% 0%

    Description

      1. Proposed title of this feature request
      Add `runAsGroup` parameter in SecurityContextConstraint to control GID assigned to the pod.

      2. What is the nature and description of the request?
      Introduce `runAsGroup` parameter same as `runAsUser` parameter in SCC to restrict GID assignment.

      3. Why does the customer need this? (List the business requirements here)
      In cases where the pod uses hostpath volume from worker nodes. The developer can simply put the GID they want in runAsGroup in spec.securityContext and they can get away with this by this and can access the data which they are not allowed.

      4. List any affected packages or components.
      SecurityContextConstraints, PodSecurityAdmission,API, Pod

       

       

       

      Attachments

        Activity

          People

            atelang@redhat.com Anjali Telang
            rhn-support-dpateriy Divyam Pateriya
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: