-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running with GID != 0 fails #502
Comments
No, the use of GID 0 is currently hard-coded in a number of places in the sample. Note that there's nothing really special about GID 0 (unlike UID 0), so it's not usually seen as a security risk. In fact, Red Hat require the use of GID 0 by default, on all containers running on Red Hat OpenShift Container Platform. |
Thanks for your reply. I would have agreed, but I asked internally and the GID != 0 requirement is coming from the NSA Hardening Guide For Kuberenetes, PDF Page 55 |
Fair enough. As I say, the value in the sample is hard-coded, but remember that this is just a sample, so you are free to fork and make any changes you like. I'll keep this issue open to track a future improvement. |
Due to (another) seq requirement we are not allowed to run with GID 0 in k8s.
Is there any way to do that?
I get the following error:
The text was updated successfully, but these errors were encountered: