[WIP] Fix Divingbell privileged issues
Change-Id: I32b1df17b100729d22d01993ad3d0e320e4f25ad
This commit is contained in:
parent
d657f7968c
commit
be255bf5f6
|
@ -63,7 +63,7 @@ spec:
|
|||
# TODO: investigate which linux capabilities should be whitelisted so blanket security
|
||||
# context may be removed
|
||||
securityContext:
|
||||
privileged: true
|
||||
privileged: false
|
||||
volumes:
|
||||
- name: rootfs-{{ $daemonset }}
|
||||
hostPath:
|
||||
|
|
|
@ -124,7 +124,7 @@ pod:
|
|||
apt:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
privileged: false
|
||||
apparmor:
|
||||
capabilities:
|
||||
add:
|
||||
|
@ -140,7 +140,7 @@ pod:
|
|||
exec:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
privileged: false
|
||||
limits:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
|
||||
|
|
Loading…
Reference in New Issue