Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

server: add container GID to additional groups #6159

Merged
merged 1 commit into from Aug 25, 2022

Conversation

haircommander
Copy link
Member

@haircommander haircommander commented Aug 22, 2022

Signed-off-by: Peter Hunt pehunt@redhat.com

What type of PR is this?

/kind bug

What this PR does / why we need it:

related to GHSA-rc4r-wh2q-q6c4

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fix a bug where the GID of the container is not specified in the AdditionalGids, leading to a low risk security vulnerability. For more information please see CVE-2022-2995.

@openshift-ci openshift-ci bot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Aug 22, 2022
@openshift-ci openshift-ci bot requested review from klihub and QiWang19 August 22, 2022 17:42
@openshift-ci openshift-ci bot added dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/bug Categorizes issue or PR as related to a bug. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Aug 22, 2022
@codecov
Copy link

codecov bot commented Aug 22, 2022

Codecov Report

Merging #6159 (db3b399) into main (aaf6efe) will decrease coverage by 0.00%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #6159      +/-   ##
==========================================
- Coverage   42.99%   42.99%   -0.01%     
==========================================
  Files         117      117              
  Lines       12799    12800       +1     
==========================================
  Hits         5503     5503              
- Misses       6737     6738       +1     
  Partials      559      559              

@haircommander haircommander force-pushed the additional-gids branch 2 times, most recently from fd7d10c to d21fde3 Compare August 22, 2022 19:10
@TomSweeneyRedHat
Copy link
Contributor

Changes LGTM,
but it looks like you have to convince a few more tests of that fact.

Signed-off-by: Peter Hunt~ <pehunt@redhat.com>
@haircommander
Copy link
Member Author

/retest

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 25, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 25, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haircommander, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [haircommander,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit 42b5853 into cri-o:main Aug 25, 2022
47 of 49 checks passed
@haircommander
Copy link
Member Author

/cherry-pick release-1.24

@openshift-cherrypick-robot

@haircommander: new pull request created: #6775

In response to this:

/cherry-pick release-1.24

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

6 participants