Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creating a Deployment defaults to "Allow Privilege Escalation" #7165

Closed
gaktive opened this issue Oct 12, 2022 · 1 comment · Fixed by #7539
Closed

Creating a Deployment defaults to "Allow Privilege Escalation" #7165

gaktive opened this issue Oct 12, 2022 · 1 comment · Fixed by #7539
Assignees
@mantis-toboggan-md @nickwsuse
Labels
JIRA kind/enhancement release-note
Milestone
v2.7.2

Comments

@gaktive
Copy link
Member

gaktive commented Oct 12, 2022

Internal reference: SURE-3663

Request description:
When users create Deployments in the Rancher Cluster Explorer UI, the setting under "Security Context" -> "Privilege Escalation" defaults to "Yes, container can gain more privileges than its parent process"

Users will fail to create deployments by default (at least when e.g. setting the "Run as User ID" field). The security context parameter is not added to the deployment unless one parameter is set, however when some parameter is set the Privilege Escalation option is set to yes by default.

This could be considered a more secure means of running Kubernetes, which would help with RKE2 strategy to align with other usage within the product.

Actual behavior:
Privilege Escalation in the security context tab is set to yes by default

Expected behavior:

Privilege Escalation in the security context tab is set to no by default

Additional notes:
Instead of choosing between one default or another, it would be helpful to have a way to select the default config options in the UI for each user.
@gaktive gaktive added this to the v2.7.1 milestone Oct 12, 2022
@mantis-toboggan-md mantis-toboggan-md self-assigned this Nov 1, 2022
@mantis-toboggan-md mantis-toboggan-md mentioned this issue Nov 23, 2022
Merged
@github-actions github-actions bot reopened this Nov 30, 2022
@nickwsuse nickwsuse self-assigned this Dec 2, 2022
@nickwsuse
Copy link

Verified on v2.7-head Commit ID: c35f112

The Privilege Escalation field is now defaulted to the No option.

image

@zube zube bot removed the [zube]: Done label Mar 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mantis-toboggan-md mantis-toboggan-md

@nickwsuse nickwsuse

Labels
JIRA kind/enhancement release-note
Projects
None yet
Milestone
v2.7.2
3 participants
@gaktive @mantis-toboggan-md @nickwsuse