-
### What are you trying to do?
Use a tag for an SSH check rule, for example:
```json
{
"action": "check",
"src": ["tag:server"],
"dst": ["tag:server"],
"users": ["autogroup:non…
-
**Describe the bug**
I can't deploy this chart in k8s ocp4 because root is forbidden. So after some reading, i got to understand that turning the "VolumePermissions" flag on resolves this issue, …
-
### What are you trying to do?
Tailscale SSH with `autogroup:nonroot` currently lets you log in to any machine as any user (except root), so it lets you impersonate anyone. I'm trying to restrict acc…
-
Hello,
Using the IBRACORP video I attempted to get a tunnel configured. I wasn't able to get it working, kept getting a 502 or 509 error when I attempted to log onto one of my subdomains. So I dec…
-
### Kyverno Version
1.12.5
### Description
I'am able to fetch the container name from the 'disallow-capabilities-strict policy on the playground. You can view it [here]: [https://playground…
-
I am using `customFetch` and `additionalEnvelopPlugins` with scripts pointing in my `src` as shown below.
everything works fine locally, but when I am doing **docker** build, I am getting import pat…
-
It'd be cool to have a command to scaffold out a basic melange.yaml file. As a strawman, a basic `melange init` could emit a file containing:
```
package:
name: TODO
version: TODO
epoch: …
-
currently the script requires sudo from a nonroot user.
It should separate distinct permissions options. Some use cases:
- packages for system, configs for user
- no access to root -- packages fo…
-
Hi,
I’m trying to get a tunnel setup and have run into a few issues. The first was that the command to create the cert.pen file failed with an access denied message. I resolved this with setting th…
-
i tried add following cmd at /etc/rc.local but not work.
su username -c 'conda activate cling && jupyter notebook'
'conda activate cling && jupyter notebook' cmd works as non root user in console …