[WIP] Fix Divingbell privileged issues

Change-Id: I32b1df17b100729d22d01993ad3d0e320e4f25ad
2021-07-28 11:19:39 -05:00 · 2021-07-28 11:19:39 -05:00 · be255bf5f6
parent d657f7968c
commit be255bf5f6
2 changed files with 3 additions and 3 deletions
--- a/divingbell/templates/daemonset-uamlite.yaml
+++ b/divingbell/templates/daemonset-uamlite.yaml
@ -63,7 +63,7 @@ spec:
        # TODO: investigate which linux capabilities should be whitelisted so blanket security
        # context may be removed
        securityContext:
-          privileged: true
+          privileged: false
      volumes:
      - name: rootfs-{{ $daemonset }}
        hostPath:
--- a/divingbell/values.yaml
+++ b/divingbell/values.yaml
@ -124,7 +124,7 @@ pod:
        apt:
          readOnlyRootFilesystem: true
          runAsUser: 0
-          privileged: true
+          privileged: false
        apparmor:
          capabilities:
            add:
@ -140,7 +140,7 @@ pod:
        exec:
          readOnlyRootFilesystem: true
          runAsUser: 0
-          privileged: true
+          privileged: false
        limits:
          readOnlyRootFilesystem: true
          runAsUser: 0