Juan Antonio Osorio
Juan Antonio Osorio
Would very much appreciate this.
This suggestion makes a lot of sense. I can help review if needed. Thanks for looking into this!
@erikgb trivy-operator should anyways not run with the `restricted` SCC, it should use at least `anyuid`. If it's running with a low privileged SCC it should be fixed in the...
@erikgb I see... well, adding the needed annotation to schedule them with a higher privilege SCC shouldn't be too problematic. But, either way, permissions to use that SCC would need...
I'm actually struggling with a similar issue. Except that the secrets in my cluster are `kubernetes.io/dockerconfigjson` 😕
@josedonizetti thanks for picking this up! This would be a very nice improvement!
@displague this is not spam, this is tooling to help folks keep track of their updates. We had an item on this in an all hands and hold bi-weekly office...
Nothing other than https://github.com/kubernetes-sigs/security-profiles-operator/pull/1127
@pradeepjairamani the SecurityProfilesOperatorDaemon has SELinux disabled by default, you'd need to enable it first. `kubectl explain SecurityProfilesOperatorDaemon` gives some relevant information
@pradeepjairamani could you please add more description of the system you're running this in? What distro and kernel version is it? Is SELinux in enforcing or permissive mode? is auditd...