Containers must be dropping all capabilities, and only adding the ones they need. #18359

Closed
kristinochka opened this issue Nov 12, 2020 · 0 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.

@kristinochka

Is your enhancement related to a problem? Please describe.

For best security practices, containers must implement the principle of least privilege to minimize security risks by explicitly dropping ALL capabilities and only adding the ones they need.

Describe the solution you'd like

The following deployments should have drop ALL

deploy/operator-local.yaml
deploy/operator.yaml

Example:

spec:
  containers:
  - securityContext:
      capabilities:
        drop:
        - ALL

Describe alternatives you've considered

Additional context
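
One way to check a manifest for the condition this issue asks for, as an added example that is not part of the original issue or the Che operator's code. It assumes the manifest is in JSON form (for instance the output of `kubectl get deployment -o json`); the sample workload, container names and the `pod_specs`/`audit` helpers are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get deployment -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Deployment", "metadata": {"name": "operator-example"},
  "spec": {"template": {"spec": {
   "initContainers": [{"name": "init"}],
   "containers": [
    {"name": "hardened", "securityContext": {"capabilities":
        {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
    {"name": "partial", "securityContext": {"capabilities":
        {"drop": ["NET_RAW"]}}}
   ]}}}}
]}
""")

def pod_specs(obj):
    """Yield (workload name, pod spec) for a single manifest or a List."""
    if obj.get("kind") == "List":
        for item in obj.get("items", []):
            yield from pod_specs(item)
        return
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    spec = obj.get("spec", {})
    # Deployments nest the pod spec under spec.template.spec; bare Pods do not.
    yield name, spec.get("template", {}).get("spec", spec)

def audit(obj):
    """Return one finding per container; drops_all is False when ALL is missing."""
    findings = []
    for workload, pod in pod_specs(obj):
        # Capabilities exist only in the container-level securityContext,
        # so every container and init container is checked on its own.
        for kind in ("initContainers", "containers"):
            for c in pod.get(kind) or []:
                caps = (c.get("securityContext") or {}).get("capabilities") or {}
                findings.append({
                    "workload": workload,
                    "container": c.get("name"),
                    "drops_all": "ALL" in (caps.get("drop") or []),
                    "added": sorted(caps.get("add") or []),
                })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        status = "ok  " if f["drops_all"] else "FAIL"
        print(status, f["workload"], f["container"], "add:", f["added"])
```

The `added` list is reported even for passing containers so a reviewer can see which capabilities are granted back after the drop.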

@kristinochka kristinochka added the kind/enhancement A feature request - must adhere to the feature request template. label Nov 12, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 12, 2020
@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator labels Nov 13, 2020
@sleshchenko sleshchenko removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 13, 2020
@tolusha tolusha added this to the 7.25 milestone Dec 16, 2020
@tolusha tolusha mentioned this issue Dec 24, 2020
79 tasks
@tolusha tolusha modified the milestones: 7.25, 7.26 Jan 13, 2021
@tolusha tolusha mentioned this issue Jan 15, 2021
54 tasks
@tolusha tolusha closed this as completed Jan 18, 2021
@tolusha tolusha modified the milestones: 7.26, 7.25 Jan 18, 2021