-
Bug
-
Resolution: Done
-
High
-
Frankfurt Release
Some VFC pods are still run as root, which is a critical security issue.
POD: onap-vfc-ems-driver-7c5bd9787b-9c7tb container: vfc-ems-driver uid: 0(root)
POD: onap-vfc-huawei-vnfm-driver-7fbbc48d7d-b696v container: vfc-huawei-vnfm-driver uid: 0(root)
POD: onap-vfc-juju-vnfm-driver-67cc4fcd4d-rml9s container: vfc-juju-vnfm-driver uid: 0(root)
POD: onap-vfc-multivim-proxy-998746d46-5p6vr container: vfc-multivim-proxy uid: 0(root)
POD: onap-vfc-nokia-v2vnfm-driver-86f7d4884f-8m2bk container: vfc-nokia-v2vnfm-driver uid: 0(root)
POD: onap-vfc-redis-b8875fd99-mq9qv container: vfc-redis uid: 0(root)
POD: onap-vfc-resmgr-579c6b6944-sf5k8 container: vfc-resmgr uid: 0(root)
POD: onap-vfc-workflow-7c9d7fdf97-h82ct container: vfc-workflow uid: 0(root)
POD: onap-vfc-workflow-engine-5b485655b6-b26pd container: vfc-workflow-engine uid: 0(root)
POD: onap-vfc-zte-sdnc-driver-5bfcd8db6c-mtb7s container: vfc-zte-sdnc-driver uid: 0(root)
They must be run using a non root user.
It has been discussed during the PTL meetings.
It can be fixed by modifying the docker you generate. The VID can be used as an illustration. The fix is light and shall be applied as soon as possible.