-
Bug
-
Resolution: Done
-
High
-
Frankfurt Release
-
None
Some DCAE pods are still run as root, which is a critical security issue.
POD: onap-dcae-bootstrap-6458cdf78-n2js9 container: dcae-bootstrap uid: 0(root)
POD: onap-dcae-cloudify-manager-699bdf9b7c-8r7xc container: dcae-cloudify-manager uid: 0(root)
POD: onap-dcae-mongo-0 container: dcae-mongo uid: 0(root)
POD: onap-dcae-redis-0 container: dcae-redis uid: 0(root)
POD: onap-dcae-redis-1 container: dcae-redis uid: 0(root)
POD: onap-dcae-redis-2 container: dcae-redis uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.
- relates to
-
DCAEGEN2-2170 Switch DCAE MOD components to non-root user
- Closed
-
DCAEGEN2-2171 DL containers running as root
- Closed