SSH not working due missing security capability in CRI-O environment #176

volker.raschek · 2021-06-12T14:34:30Z

volker.raschek commented

2021-06-12 14:34:30 +00:00

This patch add the SYS_CHROOT capability if the securityContext is
undefined. Otherwise the SSH Server does not work correctly as described
in the issue #161.

Fixes: #161

This patch add the SYS_CHROOT capability if the securityContext is undefined. Otherwise the SSH Server does not work correctly as described in the issue #161. Fixes: #161

volker.raschek force-pushed master from 30a672f055 to 4b504feadd

2021-06-12 14:36:37 +00:00

Compare

volker.raschek force-pushed master from 4b504feadd to 0e0583cb3e

2021-06-12 14:39:20 +00:00

Compare

justusbunsi added the

status

wip

label 2021-06-17 05:22:01 +00:00

justusbunsi commented

2021-06-17 05:22:47 +00:00

WIP as per #161 (comment)

WIP as per https://gitea.com/gitea/helm-chart/issues/161#issuecomment-440630

volker.raschek force-pushed master from 0e0583cb3e to 0b18e467be

2021-06-17 15:29:38 +00:00

Compare

justusbunsi commented

2021-06-17 20:04:59 +00:00

(in values.yaml)

 # only usable with rootless image due to image design
securityContext:....

Is SYS_CHROOTnecessary for both image variants? If so, could you pleass extend this comment so that users don't get confused?

Maybe something like ...except for clusters using cri-o where SYS_CHROOT needs to be set. ?

(in values.yaml) ``` # only usable with rootless image due to image design securityContext:.... ``` Is `SYS_CHROOT`necessary for both image variants? If so, could you pleass extend this comment so that users don't get confused? Maybe something like `...except for clusters using cri-o where SYS_CHROOT needs to be set`. ?

justusbunsi commented

2021-06-29 20:49:59 +00:00

@volker.raschek Please update your branch to the latest master and have a look at that comment.

@volker.raschek Please update your branch to the latest master and have a look at [that comment](https://gitea.com/gitea/helm-chart/issues/176#issuecomment-440777).

volker.raschek force-pushed master from 0b18e467be to 7121d5e804

2021-06-30 17:41:57 +00:00

Compare

techknowlogick approved these changes 2021-06-30 17:52:21 +00:00

justusbunsi self-assigned this 2021-06-30 17:59:16 +00:00

justusbunsi approved these changes 2021-06-30 18:11:03 +00:00

justusbunsi left a comment

LGTM. Thanks for your effort.

justusbunsi added

and removed

labels 2021-06-30 18:11:21 +00:00

justusbunsi added this to the Release 4.0.0 milestone 2021-06-30 18:11:30 +00:00

justusbunsi changed title from ~~[Close #161] fix: SSH not working due missing security capability~~ to SSH not working due missing security capability in CRI-O environment

2021-06-30 18:13:13 +00:00

justusbunsi removed their assignment 2021-06-30 18:15:54 +00:00

volker.raschek referenced this pull request

2021-06-30 20:00:20 +00:00

feat/markdownlint #200

justusbunsi added a new dependency 2021-07-01 06:31:55 +00:00

#200 feat/markdownlint

luhahn approved these changes 2021-07-01 13:29:12 +00:00

luhahn merged commit 767a073a0a into master

2021-07-01 15:02:57 +00:00

luhahn referenced this issue from a commit

2021-07-01 15:02:57 +00:00