You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It doesn't compromise security because 1) a user should have access to the hostnetwork SCC anyway 2) while hostnetwork allows host ports and host network it doesn't mutates a pod to set it as default values. In fact the pods that were created by these SCCs look the same.
In #16231, I now consider both AllowHostNetwork and AllowHostPorts.
simo5
changed the title
hostnetowork SCC takes precedence over restricted for a pod that doesn't request host network
hostnetwork SCC takes precedence over restricted for a pod that doesn't request host network
Sep 15, 2017
Automatic merge from submit-queue (batch tested with PRs 16867, 16231).
Distinguish SCCs that AllowHostNetwork and AllowHostPorts from those that do not, in the score calculation.
Fixes#15933.
Extracted from https://github.com/openshift/origin/pull/15923/files#r134773733:
Steps To Reproduce
Current Result
Expected Result
Workaround
oc patch scc restricted -p '{"priority":1}'
CC @openshift/sig-security
The text was updated successfully, but these errors were encountered: