Skip to content

Commit

Permalink
Bootstrap the "privileged" SCC with all sysctls allowed
Browse files Browse the repository at this point in the history
  • Loading branch information
stlaz committed Jul 20, 2018
1 parent a5204c5 commit fe9fc21
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,8 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
SupplementalGroups: securityapi.SupplementalGroupsStrategyOptions{
Type: securityapi.SupplementalGroupsStrategyRunAsAny,
},
SeccompProfiles: []string{"*"},
SeccompProfiles: []string{"*"},
AllowedUnsafeSysctls: []string{"*"},
},
// SecurityContextConstraintNonRoot does not allow host access, allocates SELinux labels
// and allows the user to request a specific UID or provide the default in the dockerfile.
Expand Down

0 comments on commit fe9fc21

Please sign in to comment.