trident icon indicating copy to clipboard operation
trident copied to clipboard
verified publisher icon NetApp

Capability SYS_ADMIN is published as removed in changelog, but is still in factory method

Open mmerrill3 opened this issue 2 years ago • 1 comments

Describe the bug Capability SYS_ADMIN is published as removed in changelog, but is still in factory method. If the privilege is not necessary, remove this from the factory methods that create the daemonsets.

Environment Daemonsets are using the SYS_ADMIN capability, but according the CHANGELOG, this was removed.

  • Trident version: v23.07.1

To Reproduce Daemonsets are produced today with pods that require SYS_ADMIN privileges, which is too broad.

Expected behavior Pods from the daemonset will not require SYS_ADMIN privileges.

Additional context Add any other context about the problem here.

mmerrill3 avatar Nov 03 '23 14:11 mmerrill3

Hi @mmerrill3 as part of trident release 23.07 SYS_ADMIN capability was added back. Under changelog -> 23.07 -> Enhancements Kubernetes: Minimized deployment and daemonset linux permissions (Issue https://github.com/NetApp/trident/issues/817). As part of the above issue mentioned, SYS_ADMIN capability was added.

alloydsa avatar Jul 23 '24 07:07 alloydsa