Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[upstream commit 8a59422] Use cilium-envoy image that drops privileges from the Envoy process before it starts. Envoy now needs to be started as `cilium-envoy-starter`, which drops all privileges before executing `cilium-envoy`. If `cilium-envoy` is executed directly with any privileges, it will terminate with the following error message when any Cilium filters are first configured: "[assert failure: get_capabilities(CAP_EFFECTIVE) == 0 && get_capabilities(CAP_PERMITTED) == 0. Details: cilium-envoy running with privileges, exiting" Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
- Loading branch information