Setup seccompProfile per recommendation from trivy

Signed-off-by: Pat Riehecky <[email protected]>
rancher · Sep 12, 2024 · d0a42df · d0a42df
1 parent 7a64e37
commit d0a42df
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/deploy/chart/local-path-provisioner/values.yaml b/deploy/chart/local-path-provisioner/values.yaml
@@ -97,10 +97,10 @@ podAnnotations: {}
 podSecurityContext: {}
   # runAsNonRoot: true
 
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
   # allowPrivilegeEscalation: false
-  # seccompProfile:
-  #   type: RuntimeDefault
   # capabilities:
   #   drop: ["ALL"]
   # runAsUser: 65534

diff --git a/deploy/local-path-storage.yaml b/deploy/local-path-storage.yaml
@@ -106,6 +106,9 @@ spec:
                   fieldPath: metadata.namespace
             - name: CONFIG_MOUNT_PATH
               value: /etc/config/
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefau
       volumes:
         - name: config-volume
           configMap:

diff --git a/deploy/provisioner.yaml b/deploy/provisioner.yaml
@@ -32,6 +32,9 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
       volumes:
         - name: config-volume
           configMap: