sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-08 00:11:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(helmfile): Remove NET_RAW capabilities

Browse Source
This commit is contained in:
Dominik Kaminski
2024-10-03 19:11:10 +02:00
committed by Thorsten Roßner
parent d693ff94f4
commit e512486e74
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
View File

@@ -185,6 +185,33 @@ nubusUmcServer:
runAsNonRoot: false runAsNonRoot: false
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }} {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
containerSecurityContextSssd:
enabled: true
allowPrivilegeEscalation: true
capabilities:
drop:
- "ALL"
add:
- "DAC_OVERRIDE"
- "SETGID"
- "AUDIT_WRITE"
- "SETUID"
- "CHOWN"
- "SETPCAP"
- "FOWNER"
- "FSETID"
- "KILL"
- "MKNOD"
- "NET_BIND_SERVICE"
- "SYS_CHROOT"
runAsUser: 0
runAsGroup: 0
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: false
seLinuxOptions:
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
proxy: proxy:

1
helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
View File

@@ -90,7 +90,6 @@ securityContext:
- "SETUID" - "SETUID"
- "SETPCAP" - "SETPCAP"
- "NET_BIND_SERVICE" - "NET_BIND_SERVICE"
- "NET_RAW"
- "SYS_CHROOT" - "SYS_CHROOT"
privileged: false privileged: false
seccompProfile: seccompProfile: