From bf41f10068ed942f0ab97cfdfbb1b2df5f84db0c Mon Sep 17 00:00:00 2001
From: Gayathri Devi Kathiri
Date: Fri, 29 Jan 2021 09:37:37 +0000
Subject: [PATCH] Disallow privilege escalation in rabbitmq server container
This PS is to address security best practices in rabbitmq server containers by disabling allowPrivilegeEscalation flag
Change-Id: I4de2ee4320efaa9569312016f4cca61c1f7636b2
---
 rabbitmq/Chart.yaml | 2 +-
 rabbitmq/values.yaml | 1 +
 releasenotes/notes/rabbitmq.yaml | 5 +++++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml
index d00c49b60..06b977499 100644
--- a/rabbitmq/Chart.yaml
+++ b/rabbitmq/Chart.yaml
@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v3.7.26
 description: OpenStack-Helm RabbitMQ
 name: rabbitmq
-version: 0.1.5
+version: 0.1.6
 home: https://github.com/rabbitmq/rabbitmq-server
 ...
diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
index 057a33570..037616a4a 100644
--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
@@ -84,6 +84,7 @@ pod:
 runAsUser: 0
 readOnlyRootFilesystem: true
 rabbitmq:
+ allowPrivilegeEscalation: false
 runAsUser: 999
 readOnlyRootFilesystem: false
 cluster_wait:
diff --git a/releasenotes/notes/rabbitmq.yaml b/releasenotes/notes/rabbitmq.yaml
index 9c621e82c..6bcb71d28 100644
--- a/releasenotes/notes/rabbitmq.yaml
+++ b/releasenotes/notes/rabbitmq.yaml
@@ -1,4 +1,9 @@
 ---
 rabbitmq:
 - 0.1.0 Initial Chart
+ - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
+ - 0.1.2 changes rmq-exporter secret src
+ - 0.1.4 Add configurable RABBIT_TIMEOUT parameter
+ - 0.1.5 Update Rabbitmq exporter version
+ - 0.1.6 Disallow privilege escalation in rabbitmq server container
 ...
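Review bot: In the rabbitmq/values.yaml hunk, `allowPrivilegeEscalation: false` is added only under `rabbitmq:`, while the container entry just above it (context lines `runAsUser: 0`, `readOnlyRootFilesystem: true`) shows no such key in the visible lines and runs as root. That entry's first lines and the body of `cluster_wait:` lie outside the hunk, so they may already set it; if they do not, the same line `allowPrivilegeEscalation: false` belongs under each of them. The value only has an effect if the chart's templates render this key into the container `securityContext`, which the patch does not show, so it is worth confirming against the rendered manifest. The `rabbitmq` container also keeps `readOnlyRootFilesystem: false`, and a one-line comment stating which paths must stay writable would make that exception reviewable.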