Merge pull request #24 from SethHollandsworth/bugfix/changing_no_new_…

…privileges changing default value of no_new_privileges
SethHollandsworth · Apr 27, 2023 · f8b0297 · f8b0297
2 parents aff3a33 + 220357d
commit f8b0297
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 16 deletions.
diff --git a/src/confcom/azext_confcom/container.py b/src/confcom/azext_confcom/container.py
@@ -457,8 +457,8 @@ def extract_allow_privilege_escalation(container_json: Any) -> bool:
         container_json, config.ACI_FIELD_CONTAINERS_SECURITY_CONTEXT
     )
 
-    # default to false so that no_new_privileges defaults to true
-    allow_privilege_escalation = False
+    # default to false so that no_new_privileges defaults to false
+    allow_privilege_escalation = True
     # assumes that securityContext field is optional
     if security_context:
 

diff --git a/src/confcom/azext_confcom/data/internal_config.json b/src/confcom/azext_confcom/data/internal_config.json
@@ -208,7 +208,7 @@
             "allow_elevated": false,
             "allow_stdio_access": true,
             "working_dir": "/",
-            "no_new_privileges": true,
+            "no_new_privileges": false,
             "seccomp_profile_sha256": "",
             "user": {
                 "user_idname": {