Description of problem: The test infra requires that /etc/passwd be writable. The underlying issue is not a CVE; it is trivial for any container launcher to gain control of /etc/passwd. The baremetal image is intended for a wide range of uses and this use is deliberate until we have moved all test infra to a 4.x version.
Hi Raviv, the change is required to allow the OpenShift CI (in particular the baremetal IPI e2e test) to work properly. The baremetal-installer image is currently used by the CI job. Thanks, Andrea
Andrea Fasano helped to verify this BZ; it is working for CI.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.5 image release advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409