Currently the PSP (PodSecurityPolicy) shipped with ICAM 3.1.0 does not implement the following best practices:
1/ runAsUser rule should be set to "MustRunAsNonRoot"
   current setting: rule: RunAsAny (MustRunAsNonRoot required)
2/ allowPrivilegeEscalation should be set to "false"
   current setting: allowPrivilegeEscalation: true (false required)
3/ readOnlyRootFilesystem should be set to "true"
   current setting: readOnlyRootFilesystem: false (true required)
This idea intends to close those gaps in the PSP and maximize the security of ICAM.
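As an added example (not part of the request and not ICAM's own manifest), the following checker takes a PodSecurityPolicy as a Python dict and reports which of the three settings above are still permissive. Both policies embedded in it are constructed samples with hypothetical names; the permissive one mirrors the three settings listed above, the restricted one applies the requested values.

```python
from typing import Any, Dict, List

# Constructed sample reproducing the three permissive settings listed above
# (not the actual ICAM 3.1.0 manifest, which this page does not include).
PERMISSIVE_PSP: Dict[str, Any] = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "example-permissive"},  # hypothetical name
    "spec": {
        "privileged": False,
        "allowPrivilegeEscalation": True,
        "readOnlyRootFilesystem": False,
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
    },
}

# The same constructed policy with the three requested settings applied.
RESTRICTED_PSP: Dict[str, Any] = {
    **PERMISSIVE_PSP,
    "metadata": {"name": "example-restricted"},  # hypothetical name
    "spec": {
        **PERMISSIVE_PSP["spec"],
        "allowPrivilegeEscalation": False,
        "readOnlyRootFilesystem": True,
        "runAsUser": {"rule": "MustRunAsNonRoot"},
    },
}

# (path inside spec, value the best practice requires)
RULES = [
    (("runAsUser", "rule"), "MustRunAsNonRoot"),
    (("allowPrivilegeEscalation",), False),
    (("readOnlyRootFilesystem",), True),
]


def check_psp(psp: Dict[str, Any]) -> List[str]:
    """Return one finding per violated rule, or an empty list when compliant.

    Unset fields are reported too: the PSP API defaults allowPrivilegeEscalation
    to true and readOnlyRootFilesystem to false, so absence is the weak setting.
    """
    spec = psp.get("spec", {})
    findings = []
    for path, required in RULES:
        node: Any = spec
        for key in path:  # walk the nested path, tolerating missing keys
            node = node.get(key) if isinstance(node, dict) else None
        if node != required:
            findings.append(f"{'.'.join(path)}: {node!r} ({required!r} required)")
    return findings
```

Running `check_psp(PERMISSIVE_PSP)` yields the three findings in the same form as the list above, while `check_psp(RESTRICTED_PSP)` returns an empty list.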
Who would benefit from this idea? As a customer, I can install ICAM in ICP with the restricted PSP that ICP provides by default, so I can maximize the security of my environment.