Bug
Resolution: Done
High
Frankfurt Release
Some SO pods are still run as root, which is a critical security issue.
POD: onap-so-bpmn-infra-5b7fc8dbfd-wm64j container: so-bpmn-infra uid: 0(root)
POD: onap-so-catalog-db-adapter-5486bbcdc7-j9t54 container: so-catalog-db-adapter uid: 0(root)
POD: onap-so-cbdf77b84-rl262 container: so uid: 0(root)
POD: onap-so-monitoring-64c56566f6-sxnf2 container: so-monitoring uid: 0(root)
POD: onap-so-openstack-adapter-84648b89b9-4f5cl container: so-openstack-adapter uid: 0(root)
POD: onap-so-request-db-adapter-695fb8c565-dqwcm container: so-request-db-adapter uid: 0(root)
POD: onap-so-sdc-controller-5bb4f7c545-m5jvk container: so-sdc-controller uid: 0(root)
POD: onap-so-sdnc-adapter-685c66486d-ht8ql container: so-sdnc-adapter uid: 0(root)
POD: onap-so-ve-vnfm-adapter-7fd9dcdcdf-d2tqp container: so-ve-vnfm-adapter uid: 0(root)
POD: onap-so-vfc-adapter-8758898db-vxptt container: so-vfc-adapter uid: 0(root)
POD: onap-so-vnfm-adapter-6d66d5bd5-9t2ss container: so-vnfm-adapter uid: 0(root)
They must be run using a non-root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.
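
A check that produces a listing in the same format as the one in this report, added here as an example (it is not part of the original issue or of ONAP tooling). It assumes `kubectl` access to the cluster and that each image ships an `id` binary; the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: report containers whose processes run as uid 0.
# Assumptions: kubectl is configured for the cluster; images contain `id`.

# $1 = namespace, $2 = optional pod-name prefix (e.g. "onap-so")
# Prints one line per root container; returns non-zero if any was found.
audit_root_containers() {
    ns=$1
    prefix=${2:-}
    found=0
    # One line per running pod: "<pod> <container> <container> ..."
    pods=$(kubectl get pods -n "$ns" --field-selector=status.phase=Running \
        -o jsonpath='{range .items[*]}{.metadata.name}{range .spec.containers[*]}{" "}{.name}{end}{"\n"}{end}')
    # Feed the loop from a here-document, not a pipe, so $found survives it
    while read -r pod containers; do
        [ -n "$pod" ] || continue
        case $pod in "$prefix"*) ;; *) continue ;; esac
        for c in $containers; do
            # </dev/null keeps kubectl exec from consuming the loop's input
            uid=$(kubectl exec -n "$ns" "$pod" -c "$c" -- id -u </dev/null 2>/dev/null) || uid=''
            case $uid in
                0)  printf 'POD: %s container: %s uid: 0(root)\n' "$pod" "$c"
                    found=1 ;;
                # exec failed or image has no `id`: flag for manual review
                '') printf 'POD: %s container: %s uid: unknown\n' "$pod" "$c" >&2 ;;
            esac
        done
    done <<EOF
$pods
EOF
    # Non-zero status lets a CI gate fail while any root container remains
    [ "$found" -eq 0 ]
}
```

Called as `audit_root_containers onap onap-so`, it can be re-run after the image change to confirm the list is empty.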