-
Bug
-
Resolution: Done
-
High
-
Frankfurt Release
-
None
Some Music pods are still run as root, which is a critical security issue.
POD: onap-music-cassandra-0 container: music-cassandra uid: 0(root)
POD: onap-music-cassandra-1 container: music-cassandra uid: 0(root)
POD: onap-music-cassandra-2 container: music-cassandra uid: 0(root)
POD: onap-music-tomcat-76f99dcbcb-7grpt container: music-tomcat uid: 0(root)
POD: onap-music-tomcat-76f99dcbcb-jnn75 container: music-tomcat uid: 0(root)
POD: onap-music-tomcat-76f99dcbcb-jvv5b container: music-tomcat uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.
- is blocked by
-
MUSIC-572 HTTP port open
- Closed
- relates to
-
OPTFRA-743 OOF must use HTTPS Music endpoint
- Closed