Details

    Description

      Some DCAE pods are still run as root, which is a critical security issue.

      POD: onap-dcae-bootstrap-6458cdf78-n2js9 container: dcae-bootstrap uid: 0(root)

      POD: onap-dcae-cloudify-manager-699bdf9b7c-8r7xc container: dcae-cloudify-manager uid: 0(root)
      POD: onap-dcae-mongo-0 container: dcae-mongo uid: 0(root)
      POD: onap-dcae-redis-0 container: dcae-redis uid: 0(root)
      POD: onap-dcae-redis-1 container: dcae-redis uid: 0(root)
      POD: onap-dcae-redis-2 container: dcae-redis uid: 0(root)

      They must be run using a non root user.

      It has been discussed during the PTL meetings.

      It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.

       

      zwarico Pawel_P  kopasiak sdesbure  Fabian_BZH

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              mrichomme Morgan Richomme
              mrichomme Morgan Richomme
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: