Story
Resolution: Done
High
Frankfurt Release
Some A&AI pods are still run as root, which is a critical security issue.
POD: onap-aai-babel-f69d8fdc8-lsprh container: aai-babel uid: 0(root)
POD: onap-aai-data-router-699bcc49c5-28b2p container: aai-data-router uid: 0(root)
POD: onap-aai-elasticsearch-5894f8fbdd-mngxc container: aai-elasticsearch uid: 0(root)
POD: onap-aai-f68c4bf85-hglfp container: aai uid: 0(root)
POD: onap-aai-graphadmin-55bcc9654d-xfkcg container: aai-graphadmin uid: 0(root)
POD: onap-aai-modelloader-75556cd68-b5ffm container: aai-modelloader uid: 0(root)
POD: onap-aai-resources-68697f8769-ftkxp container: aai-resources uid: 0(root)
POD: onap-aai-schema-service-7bcf64bd9-bdl2c container: aai-schema-service uid: 0(root)
POD: onap-aai-search-data-b68cbc498-gftx4 container: aai-search-data uid: 0(root)
POD: onap-aai-sparky-be-868d55b4-bzn2h container: aai-sparky-be uid: 0(root)
POD: onap-aai-traversal-58bc54c4f4-zv6wq container: aai-traversal uid: 0(root)
They must be run using a non-root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.
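A check that can be run over a report in the format listed above to confirm the fix, as an added example that is not part of the original ticket or the project's code. The function names `root_containers` and `audit_gate` and the non-root sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): gate on a per-container uid report in
# the format quoted above:  POD: <pod> container: <name> uid: <uid>(<user>)

# Print "<pod>/<container>" for every line whose numeric uid is 0.
# Exits non-zero if any non-empty line does not match the expected shape,
# so a change in report format cannot silently pass the gate.
root_containers() {
    awk '
        $1 == "POD:" && $3 == "container:" && $5 == "uid:" {
            uid = $6
            sub(/\(.*/, "", uid)                 # "0(root)" -> "0"
            if (uid !~ /^[0-9]+$/) {
                print "unparsed uid: " $0 > "/dev/stderr"; bad = 1; next
            }
            if (uid + 0 == 0) print $2 "/" $4
            next
        }
        NF { print "unparsed line: " $0 > "/dev/stderr"; bad = 1 }
        END { exit bad + 0 }
    '
}

# Return 0 when no container runs as uid 0, 1 when at least one does
# (offenders are printed), 2 when the report could not be parsed.
audit_gate() {
    offenders=$(root_containers) || return 2
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Two lines copied from the ticket plus one constructed non-root line.
SAMPLE_REPORT='POD: onap-aai-babel-f69d8fdc8-lsprh container: aai-babel uid: 0(root)
POD: example-pod-1 container: example-app uid: 1000(appuser)
POD: onap-aai-sparky-be-868d55b4-bzn2h container: aai-sparky-be uid: 0(root)'

# Stand-alone run: list the containers in the sample that still run as root.
printf '%s\n' "$SAMPLE_REPORT" | root_containers
```

Piping a fresh report into `audit_gate` gives an exit status a CI job can fail on once the images have been rebuilt.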
blocks:
- AAI-2777 Address all security issues (Closed)
- AAI-2779 Resolve high/highest priority JIRA issues (Closed)

relates to:
- AAI-2172 Change to use non-root user for containers (Closed)
- AAI-2798 Secure containers per SECCOM REQ-215 (Closed)
- REQ-215 Containers configured per secure recommendation (To Do)