Allow privilege escalation for dnsmasq
dtantsur committed Dec 1, 2023
1 parent 5587ad0 commit 7a905af
Showing 1 changed file with 3 additions and 2 deletions.
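--- a/pkg/ironic/containers.go
+++ b/pkg/ironic/containers.go
@@ -384,8 +384,9 @@ func newDnsmasqContainer(ironic *metal3api.Ironic) corev1.Container {
 Command: []string{"/bin/rundnsmasq"},
 Env: envVars,
 SecurityContext: &corev1.SecurityContext{
-RunAsUser: pointer.Int64(ironicUser),
-RunAsGroup: pointer.Int64(ironicGroup),
+RunAsUser: pointer.Int64(ironicUser),
+RunAsGroup: pointer.Int64(ironicGroup),
+AllowPrivilegeEscalation: pointer.Bool(true),
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
 Add: []corev1.Capability{"NET_ADMIN", "NET_BIND_SERVICE", "NET_RAW"},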
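Review bot: `AllowPrivilegeEscalation: pointer.Bool(true)` is added without a comment saying why, and it turns off no_new_privs for every process in the dnsmasq container, not only for the dnsmasq binary itself. Presumably it is needed because the container runs as the non-root `ironicUser` and the added `NET_ADMIN`/`NET_BIND_SERVICE`/`NET_RAW` capabilities only take effect through file capabilities at exec time; if that is the reason, record it on the line above, e.g. `// Non-root dnsmasq obtains its NET_* capabilities via file capabilities, which no_new_privs would block.` With escalation allowed, any setuid or file-capability binary shipped in the image can gain privileges at exec, so the image contents are worth auditing, and a unit test pinning this field together with `Drop: ALL` and the three added capabilities would keep the exception from widening unnoticed. The body of `newDnsmasqContainer` starts and ends outside the hunk.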
