Bug 1995295
| Summary: | SCC annotation of ssp-operator was changed to privileged | ||
|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | ibesso <ibesso> |
| Component: | SSP | Assignee: | Andrej Krejcir <akrejcir> |
| Status: | CLOSED ERRATA | QA Contact: | Roni Kishner <rkishner> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.9.0 | CC: | akrejcir, cnv-qe-bugs, rnetser |
| Target Milestone: | --- | ||
| Target Release: | 4.9.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | kubevirt-ssp-operator-container-v4.9.0-24 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-02 16:00:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Tested on ssp-operator: 4.9.0-24 Passed moving to VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.9.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4104 |
Description of problem: ---------------------- The SCC annotation in ssp-operator is "privileged". On v4.8.1-25 (registry-proxy.engineering.redhat.com/rh-osbs/iib:98298), it is "restricted". Version-Release number of selected component (if applicable): ------------------------------------------------------------ HCO: v4.9.0-113 registry-proxy.engineering.redhat.com/rh-osbs/iib:98420 How reproducible: ---------------- 100% Steps to Reproduce: ------------------ 1. $ oc get pod -n openshift-cnv `oc get pod -A |grep ssp-oper |awk '{ print $2 }'` -ojson |jq '.metadata.annotations."openshift.io/scc"' Actual results: -------------- privileged Expected results: ---------------- restricted Additional info: --------------- $ oc version Client Version: 4.9.0-202108121026.p0.git.25b5251.assembly.stream-25b5251 Server Version: 4.9.0-0.nightly-2021-08-14-065522 Kubernetes Version: v1.22.0-rc.0+76ff583 $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.9.0-0.nightly-2021-08-14-065522 True False 2d4h Cluster version is 4.9.0-0.nightly-2021-08-14-065522