@rayaisaiah

Reason for Change:

Addresses NPM Linux vulnerabilities from security scan by customer.

Issue Fixed:

  • Do not use privileged containers
    • set securityContext.privileged=false
    • Added NET_ADMIN capabilities securityContext.capabilities.add=- NET_ADMIN as netadmin profile is able to view/modify iptables rules without privilege
  • Mount container's root filesystem as read only
    • set securityContext.readOnlyRootFilesystem=true
    • Mounted an emptyDir volume on the mount /tmp instead of writing to the root volume as we need to write for app insights telemetry

Requirements:

@rayaisaiah rayaisaiah added the npm and linux labels Feb 21, 2024
@rayaisaiah rayaisaiah requested a review from a team as a code owner February 21, 2024 00:53
@rayaisaiah rayaisaiah enabled auto-merge February 21, 2024 01:16
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 21, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Feb 21, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 21, 2024
github-merge-queue bot pushed a commit that referenced this pull request Feb 21, 2024
…t Container's Root Filesystem as Read Only (#2598)

Resolved NPM vulnerability Do not use privileged containers and Mount container's root filesystem as read only
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 21, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 21, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Feb 22, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 23, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 24, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 26, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 26, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 27, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Feb 27, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 27, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 27, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 27, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Feb 28, 2024
@rayaisaiah rayaisaiah added this pull request to the merge queue Feb 28, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 28, 2024
@jpayne3506 jpayne3506 added this pull request to the merge queue Feb 29, 2024
Merged via the queue into master with commit e89223e Feb 29, 2024
@jpayne3506 jpayne3506 deleted the npmVul3And6 branch February 29, 2024 06:07
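
A check for the container settings listed in the description, as an added example that is not part of this pull request or the project's code. It audits a Kubernetes PodSpec given as a dict; the container name `npm-example`, the volume name `tmp`, and the allow-list of capabilities are assumptions made for the sample.

```python
# Added example: audits a PodSpec dict for the settings this PR describes.
ALLOWED_CAPS = {"NET_ADMIN"}  # assumption: the only capability this workload needs

def audit_pod(pod_spec):
    """Return a list of findings for each container in a Kubernetes PodSpec dict."""
    findings = []
    # Names of volumes backed by emptyDir (writable scratch space outside the root fs).
    empty_dirs = {v["name"] for v in pod_spec.get("volumes", []) if "emptyDir" in v}
    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        caps = set((sc.get("capabilities") or {}).get("add") or [])
        if sc.get("privileged", False):
            findings.append(f"{name}: privileged container")
        elif "NET_ADMIN" not in caps:
            # Without privilege, iptables rules can only be managed via NET_ADMIN.
            findings.append(f"{name}: NET_ADMIN missing for iptables access")
        if caps - ALLOWED_CAPS:
            findings.append(f"{name}: unexpected capabilities {sorted(caps - ALLOWED_CAPS)}")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")
            continue
        # Read-only root: telemetry writes to /tmp need a writable emptyDir mount.
        ok = any(m.get("mountPath") == "/tmp" and m.get("name") in empty_dirs
                 and not m.get("readOnly", False)
                 for m in c.get("volumeMounts", []))
        if not ok:
            findings.append(f"{name}: read-only root but no writable emptyDir at /tmp")
    return findings

# Constructed sample specs (not taken from the repository's manifests).
BEFORE = {"containers": [{"name": "npm-example",
                          "securityContext": {"privileged": True}}]}
AFTER = {"containers": [{"name": "npm-example",
                         "securityContext": {"privileged": False,
                                             "readOnlyRootFilesystem": True,
                                             "capabilities": {"add": ["NET_ADMIN"]}},
                         "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]}],
         "volumes": [{"name": "tmp", "emptyDir": {}}]}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_pod(spec) or "no findings")
```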