Bug 1807490
Summary: | [4.4] openshift-controller-manager: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Adam Kaplan <adam.kaplan> |
Component: | openshift-controller-manager | Assignee: | Adam Kaplan <adam.kaplan> |
Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.4 | CC: | aos-bugs, ccoleman, eparis, jialiu, jokerman, mfojtik, nhale, nstielau, sfowler, sttts, wewang, wsun, xiyuan, xtian, xxia |
Target Milestone: | --- | ||
Target Release: | 4.4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | devex | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: the openshift-controller-manager-operator ran in a namespace with run-level 1.
Consequence: the operator could run with elevated SELinux permissions
Fix: removed the run-level 1 annotation from the operator's namespace
Result: openshift-controller-manager-operator runs with the anyuid security context constraint correctly applied
|
Story Points: | --- |
Clone Of: | 1806913 | Environment: | |
Last Closed: | 2020-05-04 11:42:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1806913 | ||
Bug Blocks: | 1805488, 1966621 |
Comment 6
errata-xmlrpc
2020-05-04 11:42:25 UTC
|