-
Bug
-
Resolution: Done
-
High
-
Frankfurt Release
-
None
Some OOF pods are still run as root, which is a critical security issue.
POD: onap-oof-57676b7647-g9n8f container: oof uid: 0(root)
POD: onap-oof-cmso-optimizer-7cbbb659c9-2lpp5 container: oof-cmso-optimizer uid: 0(root)
POD: onap-oof-cmso-service-67ffccb784-f5c99 container: mso-simulator uid: 0(root)
POD: onap-oof-cmso-service-67ffccb784-f5c99 container: oof-cmso-service uid: 0(root)
POD: onap-oof-cmso-ticketmgt-67fbbb846-7xm85 container: oof-cmso-ticketmgt uid: 0(root)
POD: onap-oof-cmso-topology-665479b948-rcc7m container: oof-cmso-topology uid: 0(root)
POD: onap-oof-has-api-6775f7549c-8bcc6 container: oof-has-api uid: 0(root)
POD: onap-oof-has-controller-57c577748b-khlcs container: oof-has-controller uid: 0(root)
POD: onap-oof-has-data-589d9dbc89-2rxnb container: oof-has-data uid: 0(root)
POD: onap-oof-has-reservation-fd6c9b99-q4gpj container: oof-has-reservation uid: 0(root)
POD: onap-oof-has-solver-565d88859d-mbsc7 container: oof-has-solver uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.
- is blocked by
-
OPTFRA-706 Resolve high/highest priority JIRA issues
-
- Closed
-
- relates to
-
-
- Closed
-
- mentioned in
-
Page Loading...