Bug 2179803
| Summary: | [GSS] The scc rook-ceph and rook-ceph-csi does not have "Required Drop Capabilities" | | |
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat OpenShift Data Foundation | Reporter: | Karun Josy <kjosy> |
| Component: | rook | Assignee: | Subham Rai <srai> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Neha Berry <nberry> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 4.10 | CC: | odf-bz-bot, rar, sheggodu, srai, tdesala, tiwl, tnielsen |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | 4.14.3-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2024-02-09 06:18:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Karun Josy
2023-03-20 07:04:26 UTC
@tnielsen we can have `requiredDropCapabilities: [all]` but we do need some capabilities, like `MKNOD`, those we can add in `allowedCapabilities:[]`?

Let's look at restricting this priv in 4.14. For 4.13 it is too much of a risk to break at this point.

While waiting for the fix, can I check if NET_BIND_SERVICE can be added to Required Drop Capabilities?

```
# oc describe scc rook-ceph | grep " Required Drop Capabilities"
Required Drop Capabilities: <none>
# oc describe scc rook-ceph-csi | grep " Required Drop Capabilities"
Required Drop Capabilities: <none>
```
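
An added example, not part of the bug report or of the Rook/ODF code: a Python check that reads `oc get scc -o json` output and flags SCCs whose `requiredDropCapabilities` is empty, as reported above for rook-ceph and rook-ceph-csi. The sample input, the `example-*` SCC names and the finding codes are constructed for this example.

```python
import json

# Constructed input shaped like `oc get scc -o json`. Only the empty
# requiredDropCapabilities of rook-ceph and rook-ceph-csi reflects the page
# (<none>); the "example-*" entries and all other values are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "rook-ceph"}, "requiredDropCapabilities": null},
  {"metadata": {"name": "rook-ceph-csi"}, "requiredDropCapabilities": null},
  {"metadata": {"name": "example-hardened"},
   "requiredDropCapabilities": ["ALL"], "allowedCapabilities": ["MKNOD"]},
  {"metadata": {"name": "example-conflict"},
   "requiredDropCapabilities": ["NET_BIND_SERVICE"],
   "allowedCapabilities": ["NET_BIND_SERVICE"], "allowPrivilegedContainer": true}
]}
""")


def _caps(scc, field):
    """Normalise a capability list; a missing or null field means none listed."""
    return {c.upper() for c in (scc.get(field) or [])}


def audit_scc(scc):
    """Return a list of finding codes for one SCC's capability settings."""
    drop = _caps(scc, "requiredDropCapabilities")
    grant = _caps(scc, "allowedCapabilities") | _caps(scc, "defaultAddCapabilities")
    findings = []
    if not drop:
        findings.append("NO_REQUIRED_DROP")        # what this bug reports
    elif "ALL" not in drop:
        findings.append("PARTIAL_DROP")            # only some capabilities dropped
    if "*" in grant:
        findings.append("WILDCARD_ALLOWED")        # any capability may be requested
    if drop & grant:
        findings.append("DROP_AND_GRANT_OVERLAP")  # same capability dropped and granted
    if scc.get("allowPrivilegedContainer"):
        findings.append("PRIVILEGED_ALLOWED")      # privileged pods hold all capabilities
    return findings


def audit(scc_list):
    """Map SCC name -> findings for every item in the JSON document."""
    return {s["metadata"]["name"]: audit_scc(s) for s in scc_list["items"]}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `oc get scc -o json`.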