Skip to content
This repository has been archived by the owner on Oct 20, 2022. It is now read-only.

[Feature/Operator] Add empty_dir volume for /tmp dir #98

Merged
merged 2 commits into from
May 7, 2021
Merged

[Feature/Operator] Add empty_dir volume for /tmp dir #98

merged 2 commits into from
May 7, 2021

Conversation

erdrix
Copy link
Contributor

@erdrix erdrix commented May 7, 2021
edited
Loading

Q A
Bug fix? no
New feature? yes
API breaks? no
Deprecations? no
Related tickets fixes #X, partially #Y, mentioned in #Z
License Apache 2.0

What's in this PR?

This PR add an emptyDir volume for each node pods mounted into the /tmp folder

Why?

This should allow to deny error such as :

 "description": "A library that was not part of the original container image was loaded. If an added library is loaded, this is a possible sign that an attacker has control of the workload and they are executing arbitrary code."
 "Added_Library_Fullpath": "/tmp/snappy-1.0.5-libsnappyjava.so"

Checklist

  • Implementation tested
  • Error handling code meets the guideline
  • Logging code meets the guideline
  • User guide and development docs updated (if needed)
  • Append changelog with changes

@erdrix erdrix added enhancement New feature or request MVP Targeted for the v1 release priority:1 labels May 7, 2021
@erdrix erdrix self-assigned this May 7, 2021
@erdrix erdrix merged commit ddf6c4a into Orange-OpenSource:master May 7, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@erdrix erdrix

Labels
enhancement New feature or request MVP Targeted for the v1 release priority:1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@erdrix