diff --git a/.github/workflows/darwin.yaml b/.github/workflows/darwin.yaml index a2881d3453b..803d1abe23f 100644 --- a/.github/workflows/darwin.yaml +++ b/.github/workflows/darwin.yaml @@ -1,4 +1,4 @@ -name: MacOS Unit Tests +name: MacOS Build & Unit Test on: push: branches: [ master ] diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index f8a8f1238eb..c2b3de30553 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -1,4 +1,4 @@ -name: Linux Unit tests +name: Ubuntu Test on: push: branches: [ master ] diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index e565588087d..7308341aea2 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,4 +1,4 @@ -name: Windows Unit Tests +name: Windows Build & Unit Test on: push: branches: [ master ] diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml index c2a0e71a5d2..08954d827f8 100644 --- a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml @@ -90,6 +90,8 @@ spec: env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock + securityContext: + runAsUser: 0 volumeMounts: - mountPath: /csi name: socket-dir diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml index ecd9ef9b3b0..e95bac2be65 100644 --- a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml @@ -100,6 +100,7 @@ spec: fieldPath: spec.nodeName securityContext: privileged: true + runAsUser: 0 volumeMounts: - mountPath: /csi name: socket-dir diff --git a/deploy/csi-smb-controller.yaml b/deploy/csi-smb-controller.yaml index f2bb0f7f08f..e5767683aed 100644 --- a/deploy/csi-smb-controller.yaml +++ b/deploy/csi-smb-controller.yaml @@ -86,6 +86,8 @@ spec: env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock + securityContext: + runAsUser: 0 volumeMounts: - mountPath: /csi name: socket-dir diff --git a/deploy/csi-smb-node.yaml b/deploy/csi-smb-node.yaml index 7931cc13de3..757c4c704aa 100644 --- a/deploy/csi-smb-node.yaml +++ b/deploy/csi-smb-node.yaml @@ -96,6 +96,7 @@ spec: fieldPath: spec.nodeName securityContext: privileged: true + runAsUser: 0 volumeMounts: - mountPath: /csi name: socket-dir diff --git a/pkg/smbplugin/Dockerfile b/pkg/smbplugin/Dockerfile index 36bd96a994e..83f8149e8ad 100644 --- a/pkg/smbplugin/Dockerfile +++ b/pkg/smbplugin/Dockerfile @@ -25,5 +25,9 @@ RUN clean-install ca-certificates cifs-utils util-linux e2fsprogs mount udev xfs LABEL maintainers="andyzhangx" LABEL description="SMB CSI Driver" +# Create a nonroot user +RUN useradd -u 10001 nonroot +USER nonroot + COPY ./_output/smbplugin /smbplugin ENTRYPOINT ["/smbplugin"] diff --git a/pkg/smbplugin/dev.Dockerfile b/pkg/smbplugin/dev.Dockerfile index 6978e0bb780..a4a13d42abc 100644 --- a/pkg/smbplugin/dev.Dockerfile +++ b/pkg/smbplugin/dev.Dockerfile @@ -17,5 +17,9 @@ RUN apt-get update && apt-get install -y ca-certificates cifs-utils util-linux e LABEL maintainers="andyzhangx" LABEL description="SMB CSI Driver" +# Create a nonroot user +RUN useradd -u 10001 nonroot +USER nonroot + COPY ./_output/smbplugin /smbplugin ENTRYPOINT ["/smbplugin"]