Open bervel opened 6 months ago
The cap_add was introduced in relation to this issue and is present on every STS. The question arises as to whether this capability is needed at all if you start with "runAsNonRoot: true" and can therefore completely omit the "SYS_CHROOT". Or are there other effects?
Are there any plans to move away from running containers under root privileges? This is very problematic from the security perspective and practically requires a dedicated k8s cluster for the Wazuh deployment alone. For example, it's not even possible to deploy on OpenShift because of this without turning off default security policies.