[RELEASE-1.6] Feature: Let users set allowPrivilegeEscalation = false on ksvc.
#18
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ion (knative#1282) * Feature: Let users set `allowPrivilegeEscalation = false` on ksvc. (knative#13395) :gift: This allows used to specify `allowPrivilegeEscalation` (in particular to false) to ensure that processes cannot escalate privileges. Kicking the tires on the new GKE security posture dashboard, I noticed that ~all Knative services get flagged for this despite Knative not allowing me to set it to false! https://cloud.google.com/kubernetes-engine/docs/concepts/about-security-posture-dashboard /kind bug * Fix: Add the new `AllowPrivilegeEscalation` field to the *other* fieldmask. (knative#13402) :bug: My previous changed missed the new config file that controls how the CRD schema is updated. You can now clearly see the fields being added to the schemas. Apologies for the break, I had no clue this was a thing! /kind bug Related: knative#13395 * add allowPrivilegeEscalation to manifests Co-authored-by: Matt Moore <mattmoor@chainguard.dev>
Author
|
/assign @nak3. This is the last patch from 1.5 to 1.6. |
|
/lgtm Thank you so much! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nak3, skonto The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-robot
pushed a commit
that referenced
this pull request
Dec 22, 2022
…e` on ksvc. (#18) (#90) * [RELEASE-1.5] [BACKPORT] Feature: Let users set allowPrivilegeEscalation (#1282) * Feature: Let users set `allowPrivilegeEscalation = false` on ksvc. (knative#13395) :gift: This allows used to specify `allowPrivilegeEscalation` (in particular to false) to ensure that processes cannot escalate privileges. Kicking the tires on the new GKE security posture dashboard, I noticed that ~all Knative services get flagged for this despite Knative not allowing me to set it to false! https://cloud.google.com/kubernetes-engine/docs/concepts/about-security-posture-dashboard /kind bug * Fix: Add the new `AllowPrivilegeEscalation` field to the *other* fieldmask. (knative#13402) :bug: My previous changed missed the new config file that controls how the CRD schema is updated. You can now clearly see the fields being added to the schemas. Apologies for the break, I had no clue this was a thing! /kind bug Related: knative#13395 * add allowPrivilegeEscalation to manifests Co-authored-by: Matt Moore <mattmoor@chainguard.dev> * Add missing allowPrivilegeEscalation patch into 1-serving-crds.yaml (#1301) * fix download script Co-authored-by: Matt Moore <mattmoor@chainguard.dev> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Stavros Kontopoulos <st.kontopoulos@gmail.com> Co-authored-by: Matt Moore <mattmoor@chainguard.dev> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contains: 5b5eb3f and ddc2c42.