Zero Trust Workload Identity Manager / SPIRE-82 Threat Model Findings / SPIRE-94

T1989: Run pods with the most restrictive Security Context Constraints possible (OpenShift)


    • Sub-task
    • Resolution: Unresolved
    • Major
    • OAPE Sprint 277

      Use the following approach to create the final security context for the pod:

      • Retrieve all SCCs available for use.
      • Generate field values for security context settings that were not specified on the request.
      • Validate the final settings against the available constraints.

      If a matching set of constraints is found, then the pod is accepted. If the request cannot be matched to an SCC, the pod is rejected.
      Every field in the pod's final security context must validate against the SCC.
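
A pod spec written so that the admission steps above can match it to a restrictive SCC, as an added example that is not taken from this issue or the project's manifests. It assumes the cluster provides the default `restricted-v2` SCC; the pod name, namespace, service account and image are placeholders.

```yaml
# Constructed example: all names and the image are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: example-workload            # placeholder
  namespace: example-namespace      # placeholder
spec:
  serviceAccountName: example-sa    # placeholder; bind no additional SCCs to it
  securityContext:
    runAsNonRoot: true
    # runAsUser, fsGroup and seLinuxOptions are deliberately left unset:
    # SCC admission generates them (step 2) from the ranges allocated
    # to the namespace, then validates the result (step 3).
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: registry.example.com/placeholder/app:tag   # placeholder
      securityContext:
        privileged: false
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
  # The spec requests no hostNetwork, hostPID, hostIPC, host ports or
  # hostPath volumes, so no field requires a more permissive SCC.
```

After admission, the `openshift.io/scc` annotation on the pod records which SCC it was validated against, which is the value to check when confirming the workload did not fall through to a broader constraint.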

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-3-supporting-and-tooling-offering/openshift-zero-trust-workload-identity-manager/tasks/phase/deployment/311-T1989/

              rh-ee-aagnihot Anirudh Agnihotri
              sdelements Jira-SD-Elements-Integration Bot