Bug 1806913
| Summary: | openshift-controller-manager: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Stefan Schimanski <sttts> | |
| Component: | openshift-controller-manager | Assignee: | Adam Kaplan <adam.kaplan> | |
| Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> | |
| Severity: | urgent | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 4.4 | CC: | aos-bugs, ccoleman, eparis, jialiu, jokerman, mfojtik, nhale, nstielau, sfowler, wsun, xiyuan, xtian, xxia | |
| Target Milestone: | --- | |||
| Target Release: | 4.5.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | devex | |||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Cause: the openshift-controller-manager-operator ran in a namespace with run-level 1.
Consequence: the operator could run with elevated SELinux permissions
Fix: removed the run-level 1 annotation from the operator's namespace
Result: openshift-controller-manager-operator runs with the anyuid security context constraint correctly applied
|
Story Points: | --- | |
| Clone Of: | 1805488 | |||
| : | 1807490 (view as bug list) | Environment: | ||
| Last Closed: | 2020-07-13 17:20:54 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1805488, 1807490, 1966621 | |||
|
Comment 6
errata-xmlrpc
2020-07-13 17:20:54 UTC
|