-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use security context to set up the default seccomp profile for spod pod and security-profiles-operator container #1239
Conversation
…od and security-profiles-operator container
Hi @ccojocar. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test all |
@ccojocar: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
This seems like a flaky unit test:
|
@ccojocar: The specified target(s) for
Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test all |
Yes I can re-kick the tests once the others finished. Do you need this change as part of v0.5.0, @ccojocar ? |
It would be great to have it as part of v0.5.0 since we have some issues on cri-o runtime with the current way of setting the seccomp profile. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ccojocar, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
I think the issue is that cri-o runtime requires the profile path to be prefix with I am not sure what's the best way to go about this. How can we detect the runtime and configure the path accordingly? |
/lgtm |
What type of PR is this?
/kind clean-up
What this PR does / why we need it:
Use security context to set up the default seccomp profile for spod pod and security-profiles-operator container.
Which issue(s) this PR fixes:
security context is a more up to date way to setup the seccomp profile instead of the anotations.
Does this PR have test?
Special notes for your reviewer:
Does this PR introduce a user-facing change?