Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: High
Fix Version/s: Frankfurt Release
Affects Version/s: Frankfurt Release
Component/s: None
Labels:

Some DCAE pods are still run as root, which is a critical security issue.

POD: onap-dcae-bootstrap-6458cdf78-n2js9 container: dcae-bootstrap uid: 0(root)

POD: onap-dcae-cloudify-manager-699bdf9b7c-8r7xc container: dcae-cloudify-manager uid: 0(root)
POD: onap-dcae-mongo-0 container: dcae-mongo uid: 0(root)
POD: onap-dcae-redis-0 container: dcae-redis uid: 0(root)
POD: onap-dcae-redis-1 container: dcae-redis uid: 0(root)
POD: onap-dcae-redis-2 container: dcae-redis uid: 0(root)

They must be run using a non root user.

It has been discussed during the PTL meetings.

It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.

zwarico Pawel_P kopasiak sdesbure Fabian_BZH

relates to

DCAEGEN2-2170 Switch DCAE MOD components to non-root user

Closed

DCAEGEN2-2171 DL containers running as root

Closed

Assignee:: mrichomme

Reporter:: mrichomme

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 02/Mar/20 5:13 PM

Updated:: 02/Apr/20 1:00 PM

Resolved:: 06/Mar/20 8:51 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates