-
Bug
-
Resolution: Done
-
High
-
Frankfurt Release
-
None
Some Portal pods are still run as root, which is a critical security issue.
POD: onap-portal-app-5fd466cf74-7zc4x container: portal-app uid: 0(root)
POD: onap-portal-cassandra-8456f77bd6-gzsh6 container: portal-cassandra uid: 0(root)
POD: onap-portal-db-84c9d4d7fc-w98wn container: portal-db uid: 0(root)
POD: onap-portal-sdk-55cb6cb779-zmdqr container: portal-sdk uid: 0(root)
POD: onap-portal-widget-6f7ddf4bc4-scqq6 container: portal-widget uid: 0(root)
POD: onap-portal-zookeeper-7b65474bc-l4phs container: portal-zookeeper uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.