Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: run as unprivileged #3040

Merged
merged 1 commit into from
Jul 17, 2024
Merged

security: run as unprivileged #3040

merged 1 commit into from
Jul 17, 2024

Conversation

zhangzujian
Copy link
Member

@zhangzujian zhangzujian commented Jul 14, 2023
edited
Loading

What type of this PR

  • Security

Which issue(s) this PR fixes:

Run containers as unprivileged.

kube-ovn-cni still runs as privileged since it writes sysctl variables to enable IPv6 for network links.

hongzhen-ma
hongzhen-ma reviewed Jul 14, 2023
View reviewed changes
yamls/kube-ovn.yaml Outdated Show resolved Hide resolved
yamls/kube-ovn-dual-stack.yaml Outdated Show resolved Hide resolved
@zhangzujian zhangzujian marked this pull request as draft July 17, 2023 07:19
@zhangzujian zhangzujian reopened this Jul 16, 2024
@zhangzujian zhangzujian marked this pull request as ready for review July 16, 2024 12:38
@zhangzujian zhangzujian requested review from oilbeater and removed request for oilbeater July 16, 2024 12:39
@zhangzujian zhangzujian merged commit 26c04b1 into kubeovn:master Jul 17, 2024
60 of 62 checks passed
@zhangzujian zhangzujian deleted the unprivileged branch July 17, 2024 10:28
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Jul 17, 2024
@zhangzujian
security: run as unprivileged (kubeovn#3040)
f6c1ba3 
Signed-off-by: zhangzujian <[email protected]>
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Jul 17, 2024
@zhangzujian
security: run as unprivileged (kubeovn#3040)
9056861 
Signed-off-by: zhangzujian <[email protected]>
zhangzujian added a commit that referenced this pull request Jul 18, 2024
@zhangzujian
security: run as unprivileged (#3040)
b577211 
Signed-off-by: zhangzujian <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hongzhen-ma hongzhen-ma hongzhen-ma left review comments

@oilbeater oilbeater oilbeater approved these changes

Assignees
No one assigned
Labels
need backport security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zhangzujian @oilbeater @hongzhen-ma