Bug 1807841 - swift_rsync container runs privileged
Summary: swift_rsync container runs privileged
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 16.0 (Train)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: beta
: 16.1 (Train on RHEL 8.2)
Assignee: Grzegorz Grasza
QA Contact: Jeremy Agee
URL:
Whiteboard: docs-accepted
Depends On:
Blocks: 1752795 1829043
TreeView+ depends on / blocked
 
Reported: 2020-02-27 10:51 UTC by Grzegorz Grasza
Modified: 2020-07-29 07:51 UTC (History)
7 users (show)

Fixed In Version: openstack-tripleo-heat-templates-11.3.2-0.20200608033439.e136acb.el8ost
Doc Type: Enhancement
Doc Text:
With this update, the `swift_rsync` container runs in unprivileged mode. This makes the `swift_rsync` container more secure.
Clone Of:
Environment:
Last Closed: 2020-07-29 07:50:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1864986 0 None None None 2020-02-27 10:53:24 UTC
OpenStack gerrit 710225 0 None MERGED Run the swift_rsync container unprivileged 2021-01-26 02:39:25 UTC
OpenStack gerrit 710999 0 None MERGED Run the swift_rsync container unprivileged 2021-01-26 02:39:25 UTC
Red Hat Product Errata RHBA-2020:3148 0 None None None 2020-07-29 07:51:20 UTC

Description Grzegorz Grasza 2020-02-27 10:51:21 UTC 
Description of problem:

swift_rsync container runs privileged in OSP

Version-Release number of selected component (if applicable):

All versions

How reproducible:


Steps to Reproduce:
1. Run the deployment
2. Check with docker inspect
3. Look for privileged=true

Actual results:

Container runs privileged (privileged=true)

Expected results:

Container runs privileged flag equals false

Additional info:
Comment 12 errata-xmlrpc 2020-07-29 07:50:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3148
Note You need to log in before you can comment on or make changes to this bug.