Replies: 2 comments 3 replies
-
|
@haircommander please see |
Beta Was this translation helpful? Give feedback.
-
|
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
Beta Was this translation helpful? Give feedback.
-
|
@saschagrunert We can not configure it at CRI-O level. Right? |
Beta Was this translation helpful? Give feedback.
-
|
That's correct. |
Beta Was this translation helpful? Give feedback.
-
|
ok |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Docker provides a feature to ensure that by default all new containers are restricted from acquiring new privileges.
To do so, we need to set it like:
You should ensure that the --no-new-privileges parameter is present and that it is not set to false.
The contents of /etc/docker/daemon.json should also be reviewed.
Is there some similar feature in CRI-O as well?
If no, why do you feel, it is not required in CRI-O?
Beta Was this translation helpful? Give feedback.
All reactions