faas-netes icon indicating copy to clipboard operation
faas-netes copied to clipboard

Published 20 hours ago verified publisher icon openfaas

Don't run functions as gid=0

Open andeplane opened this issue 5 years ago • 4 comments

There is a runAsNonRoot setting in the faas-netes configuration, but functions do run as gid 0, which was raised as a potential problem by our security team.

Expected Behaviour

It should be possible to run with gid!=0.

Current Behaviour

Containers run as gid=0.

Your Environment

OpenFaaS on GKE.

andeplane avatar Jun 26 '20 08:06 andeplane

Can you provide a bit more detail including the potential solution and which files need a change and which flags you would like to see added / updated? What GID is preferable? Have you got a link to another project that does this?

alexellis avatar Jun 26 '20 08:06 alexellis

@andeplane when you have time, please answer my message from June?

alexellis avatar Aug 22 '20 09:08 alexellis

@LucasRoesler was this covered by profiles?

alexellis avatar Nov 04 '21 12:11 alexellis

yes

LucasRoesler avatar Nov 04 '21 14:11 LucasRoesler