1995295 – SCC annotation of ssp-operator was changed to privileged

Bug 1995295 - SCC annotation of ssp-operator was changed to privileged

Summary: SCC annotation of ssp-operator was changed to privileged

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	SSP
Sub Component:
Version:	4.9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	4.9.0
Assignee:	Andrej Krejcir
QA Contact:	Roni Kishner
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-08-18 18:42 UTC by ibesso
Modified:	2021-11-02 16:01 UTC (History)
CC List:	3 users (show)
Fixed In Version:	kubevirt-ssp-operator-container-v4.9.0-24
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-11-02 16:00:55 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubevirt ssp-operator pull 220	None	None	None	2021-08-19 10:08:40 UTC
Github	kubevirt ssp-operator pull 231	None	None	None	2021-08-31 08:57:42 UTC
Red Hat Product Errata	RHSA-2021:4104	None	None	None	2021-11-02 16:01:03 UTC

Description ibesso 2021-08-18 18:42:41 UTC

Description of problem:
----------------------
The SCC annotation in ssp-operator is "privileged".

On v4.8.1-25 (registry-proxy.engineering.redhat.com/rh-osbs/iib:98298), it is "restricted".


Version-Release number of selected component (if applicable):
------------------------------------------------------------
HCO: v4.9.0-113
registry-proxy.engineering.redhat.com/rh-osbs/iib:98420


How reproducible:
----------------
100%


Steps to Reproduce:
------------------
1. $ oc get pod -n openshift-cnv `oc get pod -A |grep ssp-oper |awk '{ print $2 }'`  -ojson |jq '.metadata.annotations."openshift.io/scc"'


Actual results:
--------------
privileged


Expected results:
----------------
restricted


Additional info:
---------------
$ oc version
Client Version: 4.9.0-202108121026.p0.git.25b5251.assembly.stream-25b5251
Server Version: 4.9.0-0.nightly-2021-08-14-065522
Kubernetes Version: v1.22.0-rc.0+76ff583

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2021-08-14-065522   True        False         2d4h    Cluster version is 4.9.0-0.nightly-2021-08-14-065522

Comment 5 Roni Kishner 2021-09-01 12:35:14 UTC

Tested on ssp-operator: 4.9.0-24
Passed moving to VERIFIED

Comment 8 errata-xmlrpc 2021-11-02 16:00:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.9.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4104

Note You need to log in before you can comment on or make changes to this bug.