Bug 1815551 - baremetal image requires /etc/passwd be writable
Summary: baremetal image requires /etc/passwd be writable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.4.0
Assignee: Stephen Benjamin
QA Contact: Amit Ugol
URL:
Whiteboard:
Depends On: 1815537
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-20 14:44 UTC by Andrea Fasano
Modified: 2020-05-04 11:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1815537
Environment:
Last Closed: 2020-05-04 11:47:02 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3325 0 None closed Bug 1815551: images/baremetal: make /etc/passwd writeable and add SSH client 2020-04-28 10:56:37 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:47:24 UTC

Description Andrea Fasano 2020-03-20 14:44:07 UTC 
+++ This bug was initially created as a clone of Bug #1815537 +++

Description of problem: 
The test infra requires that /etc/passwd will be writable. The underlying issue is not a cve, it is trivial for any container launcher to gain control of /etc/passwd.  The baremetal image is intended for a wide range of uses and this use is deliberate until we have moved all test infra to a 4.x version.
Comment 2 Raviv Bar-Tal 2020-03-24 13:15:31 UTC 
Andrea Fasano help verifying this BZ, it is working form CI
Comment 7 errata-xmlrpc 2020-05-04 11:47:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581
Note You need to log in before you can comment on or make changes to this bug.