Closed drpaneas closed 5 years ago
Fixes bsc#1121153 - High Security issue for Kubernetes: Flannel container runs in privileged mode
This fix makes sure that flannel runs in unprivileged mode.
This is done by changing the flannel manifests and also adding a new PSP policy that disables both privileged mode and privilege escalation.
The new PSP activates 'NET_ADMIN' capability, hostNetwork and allowedHostPaths.
Change the path from '/run' into '/run/flannel'
Co-authored-by: chentex <vzepedamas@suse.com>
(cherry picked from commit 8216c9ce691c8174eb2fcd66a1a2fecc446ee106)
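
What a PodSecurityPolicy of the kind described above can look like, as an added example that is not the manifest from this pull request. The policy name, the volume list and the `RunAsAny` strategies are assumptions; only the privileged and escalation settings, `NET_ADMIN`, `hostNetwork` and the `/run/flannel` path come from the commit message.

```yaml
# Added example, not the project's manifests.
apiVersion: policy/v1beta1             # PSP API (removed in Kubernetes 1.25)
kind: PodSecurityPolicy
metadata:
  name: example-flannel-unprivileged   # hypothetical name
spec:
  privileged: false                    # privileged mode disabled
  allowPrivilegeEscalation: false      # privilege escalation disabled
  defaultAllowPrivilegeEscalation: false
  allowedCapabilities: ["NET_ADMIN"]   # the one capability the policy allows
  hostNetwork: true
  hostPID: false                       # assumption: not mentioned in the commit
  hostIPC: false                       # assumption: not mentioned in the commit
  volumes: ["configMap", "secret", "hostPath"]   # assumed volume types
  allowedHostPaths:
  - pathPrefix: /run/flannel           # narrowed from /run
  # Strategy fields are mandatory in a PSP; RunAsAny is an assumption here.
  runAsUser: {rule: RunAsAny}
  seLinux: {rule: RunAsAny}
  supplementalGroups: {rule: RunAsAny}
  fsGroup: {rule: RunAsAny}
---
# Container securityContext fragment that such a policy admits.
# Before the fix the container ran with: securityContext: {privileged: true}
securityContext:
  privileged: false
  allowPrivilegeEscalation: false
  capabilities:
    add: ["NET_ADMIN"]
```

A PSP only applies to pods whose service account (or creating user) has been granted the `use` verb on it through RBAC.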