-
Bug
-
Resolution: Done
-
High
-
Frankfurt Release
-
None
Some SDC pods are still run as root, which is a critical security issue.
POD: onap-sdc-be-67f48d4df4-s9qcq container: sdc-be uid: 0(root)
POD: onap-sdc-dcae-be-64795bdfc5-xvs2z container: sdc-dcae-be uid: 0(root)
POD: onap-sdc-dcae-dt-5798d568cd-cmc2h container: sdc-dcae-dt uid: 0(root)
POD: onap-sdc-dcae-fe-5c9ff8c47-tdx7q container: sdc-dcae-fe uid: 0(root)
POD: onap-sdc-dcae-tosca-lab-7fcddbc459-pn8nd container: sdc-dcae-tosca-lab uid: 0(root)
POD: onap-sdc-fe-7746db7d7c-nfbds container: sdc-fe uid: 0(root)
POD: onap-sdc-onboarding-be-6898c4f955-q9x9d container: sdc-onboarding-be uid: 0(root)
POD: onap-sdc-wfd-be-7c64ddd67-5457r container: sdc-wfd-be uid: 0(root)
POD: onap-sdc-wfd-fe-66794c54bf-x9fj4 container: sdc-wfd-fe uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.