[CP 1571] security: Mythos AI-scan fixes batch 2 (KUBE-34, KUBE-32)#594
Merged
spraveenio merged 2 commits intoJul 7, 2026
Conversation
* security(kmm): remove dead RHEL driver-build template (KUBE-34) The RHEL KMM driver-build template passed the Red Hat subscription password via subscription-manager --password inside a RUN layer, which would expose the credential in the build ConfigMap, process table, image history, and logs (and the ; exit 0 suffix masked registration failures). The path was already disabled: the "rhel" case in resolveDockerfile was commented out, DockerfileTemplate.rhel was not go:embed'd or referenced, and the RedhatSubscription* CRD fields it read no longer exist, so osDistro == "rhel" already falls through to "not supported OS". No live code path could leak the credential. Per team confirmation RHEL support is not being revived, so remove the dead template file and the stale commented-out block rather than hardening an unreachable path. * security(api): document trust model for driver-build repo/GPG URLs (KUBE-32) The KMM driver-build templates fetch the apt/dnf GPG trust root from a URL that can be supplied via DeviceConfig (spec.driver.imageBuild.gpgKeyURL, packageRepoURL, amdgpuInstallerRepoURL). Since that key verifies the amdgpu packages for a ring-0 kernel module on every node, controlling it is high impact. This is by design, not a defect: these are optional fields added for custom-mirror / air-gapped installs (ROCm#540), and the only actor who can set them is someone with write access to DeviceConfig, who already controls the driver's package source. The scan's recommended fix (reject a CR-supplied key URL) would break the air-gapped feature. Rather than change behavior, document the trust model on the three URL fields: they are trusted, privileged build inputs; DeviceConfig write access should be treated as control over the driver's package source / trust root and granted only to trusted admins; prefer https URLs you control. Regenerated the CRD, helm CRD, and CSV descriptors to match. * docs(plan): add plan file for Mythos security batch 2 Satisfies the pr-plan-check gate for pensando #1571. (cherry picked from commit 6c707db4fd8febc42f8f651d0f1c5e02826c0abd)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
cp of pensando/gpu-operator#1571
Source PR Description (pensando/gpu-operator#1571):
Summary
Internal-fork counterpart of the ROCm batch-2 security fixes. Both findings apply to this repo.
KUBE-34 — the RHEL KMM driver-build template passed the Red Hat subscription password via
subscription-manager --passwordinside aRUNlayer (exposed in the build ConfigMap, process table, image history, and logs;; exit 0masked failures). The path was already dead: the"rhel"case inresolveDockerfilewas commented out,DockerfileTemplate.rhelwas not embedded or referenced, and theRedhatSubscription*CRD fields it read no longer exist, soosDistro == "rhel"already fell through to "not supported OS". Per team confirmation RHEL support is not being revived, so the dead template and commented block are removed.KUBE-32 — the KMM driver-build templates fetch the apt/dnf GPG trust root from a URL that can be supplied via
DeviceConfig(gpgKeyURL/packageRepoURL/amdgpuInstallerRepoURL). This is by design (optional fields for custom-mirror / air-gapped installs), and the only actor who can set them already controls the driver's package source via DeviceConfig write access. The scan's suggested fix would break air-gapped support. Instead, the trust model is documented on the three fields, and the CRD / helm CRD / CSV descriptors are regenerated to match.Test plan
go build ./...passesmake manifests+make bundle-buildon this branch;operator-sdk bundle validate ./bundlepassesCherrypick triggered by: ACP-Automation