Bug 1945692
Summary: | After fix for CVE-2021-3344, Builds do not mount node entitlement keys | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Gabe Montero <gmontero> | |
Component: | Build | Assignee: | Gabe Montero <gmontero> | |
Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> | |
Severity: | high | Docs Contact: | Rolfe Dlugy-Hegwer <rdlugyhe> | |
Priority: | high | |||
Version: | 4.6 | CC: | ableisch, adam.kaplan, alchan, aos-bugs, ctauchen, gmontero, nalin, npaez, rdlugyhe, wewang, xiuwang | |
Target Milestone: | --- | Keywords: | Regression | |
Target Release: | 4.7.z | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Previously, after CVE-2021-3344 was fixed, builds did not automatically mount entitlement keys on the node. The fix minimized the amount of data copied from a pod’s `/run/secrets` directory to the build container, causing the `/run/secrets/etc-pki-entitlements` file to be omitted. As a result, the fix prevented entitled builds from working seamlessly when the entitlement certificates were stored on the OpenShift host or node.
Now, the OpenShift build image and associated pod mount all entitlement-related files from `/run/secrets` into the build container. Entitled builds cannot pick up the certificates stored on the OpenShift host/node. Note that you can ignore warning messages like `level=warning msg="Path \"/run/secrets/etc-pki-entitlement\" from \"/etc/containers/mounts.conf\" doesn’t exist, skipping` when running OpenShift Container Platform builds on Red Hat Enterprise Linux CoreOS (RHCOS) nodes.
|
Story Points: | --- | |
Clone Of: | 1940488 | |||
: | 1946363 | Environment: | ||
Last Closed: | 2021-04-20 18:52:39 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1940488 | |||
Bug Blocks: | 1946363 |
Comment 6
errata-xmlrpc
2021-04-20 18:52:39 UTC
|