Test: Update security context in compliance scan pod configuration #744

Open: wants to merge 1 commit into base: master

Vincent056

Set Privileged to false for scan pods to enhance security.
Add CAP_DAC_OVERRIDE capability to the scan pod's security context.

@openshift-ci openshift-ci bot requested review from BhargaviGudi and jhrozek July 17, 2025 16:03

openshift-ci bot commented Jul 17, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Vincent056

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:744-b7af3ac08ba650a476c02802b557778a5df13445

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:744-cba9edb750e77ead225bd776852a34a1bccffc91

@yuumasato
Member

Some tests seem to have passed, but a lot of them timed out.
/retest

openshift-ci bot commented Jul 18, 2025

@Vincent056: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-serial | cba9edb | link | true | /test e2e-aws-serial |
| ci/prow/e2e-aws-parallel-arm | cba9edb | link | true | /test e2e-aws-parallel-arm |
| ci/prow/e2e-aws-parallel | cba9edb | link | true | /test e2e-aws-parallel |
| ci/prow/e2e-aws-serial-arm | cba9edb | link | true | /test e2e-aws-serial-arm |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@yuumasato
Member

@Vincent056 I tried this locally, and I see this in the logs:

$ oc logs openscap-pod-0355cb44f7d6066ec95c28ee574a9ab3e0d65d4a --all-containers
mkdir: cannot create directory '/host/etc/kubernetes/compliance-operator': Permission denied
Error from server (BadRequest): container "log-collector" in pod "openscap-pod-0355cb44f7d6066ec95c28ee574a9ab3e0d65d4a" is waiting to start: PodInitializing
