infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 7 Projects Releases Packages Wiki Activity Actions

coreos-ci: add SETFCAP capability instead of CAP_SETFCAP in SCC

Browse source 
This is to prevent a Pod Security Violation as CAP_SETFCAP is not allowed
with the baseline policy (but SETFCAP is).
This commit is contained in:
Francois Andrieu 2023-09-12 23:51:43 +02:00
parent 8ebe8332ff
commit e9880dd50e
No known key found for this signature in database
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml
View file

@ -9,7 +9,7 @@ allowPrivilegedContainer: false
allowedCapabilities: null
apiVersion: security.openshift.io/v1
defaultAddCapabilities:
- CAP_SETFCAP
- SETFCAP
fsGroup:
type: RunAsAny
groups: