-
Bug
-
Resolution: Done
-
Medium
-
Frankfurt Release
-
None
Some CDS and SDNC pods are still run as root, which is a critical security issue.
POD: onap-cds-blueprints-processor-76f9959999-99r87 container: cds-blueprints-processor uid: 0(root)
POD: onap-cds-command-executor-df44dd5d-ffl26 container: cds-command-executor uid: 0(root)
POD: onap-sdnc-ueb-listener-6587f44894-ww4rw container: sdnc-ueb-listener uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.
CDS container must run as NON-ROOT [Sev3] - Simple change (dont use user 1000; b/c the user has pseudo) -->