
Commit 7a7c5ca

Enable readOnly config for rootfs for the build containers
Signed-off-by: Hasan Awad <[email protected]>
1 parent d8447f9 commit 7a7c5ca


3 files changed

+17
-11
lines changed


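--- a/cmd/waiter/main.go
+++ b/cmd/waiter/main.go
@@ -54,7 +54,7 @@ var (
 var defaultTimeout = 60 * time.Second
 
 // defaultLockFile default location of the lock-file.
-var defaultLockFile = "/tmp/waiter.lock"
+var defaultLockFile = "/shp-tmp/waiter.lock"
 
 // flagValues receives the command-line flag values.
 var flagValues = settings{}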
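Review bot: The doc comment on `defaultLockFile` does not say why the default moved off `/tmp`, and the new path `/shp-tmp/waiter.lock` only works where a writable volume is mounted at `/shp-tmp`; that mount is not visible in this commit. With the root filesystem read-only, a missing mount makes lock-file creation fail at startup, so the dependency is worth stating next to the default: `// defaultLockFile is the default lock-file location; it must be on a writable mount because the container root filesystem is read-only.` If that directory is shared between build steps (not shown here), it is also worth confirming that the code opening the lock file creates it exclusively and with restrictive permissions.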

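--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -187,8 +187,9 @@ func NewDefaultConfig() *Config {
 "ALL",
 },
 },
-RunAsUser: nonRoot,
-RunAsGroup: nonRoot,
+RunAsUser: nonRoot,
+RunAsGroup: nonRoot,
+ReadOnlyRootFilesystem: ptr.To(true),
 },
 },
 
@@ -215,8 +216,9 @@ func NewDefaultConfig() *Config {
 "ALL",
 },
 },
-RunAsUser: nonRoot,
-RunAsGroup: nonRoot,
+RunAsUser: nonRoot,
+RunAsGroup: nonRoot,
+ReadOnlyRootFilesystem: ptr.To(true),
 },
 },
 
@@ -241,6 +243,7 @@ func NewDefaultConfig() *Config {
 AllowPrivilegeEscalation: ptr.To(false),
 RunAsUser: root,
 RunAsGroup: root,
+ReadOnlyRootFilesystem: ptr.To(true),
 Capabilities: &corev1.Capabilities{
 Add: []corev1.Capability{
 "DAC_OVERRIDE",
@@ -274,8 +277,9 @@ func NewDefaultConfig() *Config {
 "ALL",
 },
 },
-RunAsUser: nonRoot,
-RunAsGroup: nonRoot,
+RunAsUser: nonRoot,
+RunAsGroup: nonRoot,
+ReadOnlyRootFilesystem: ptr.To(true),
 },
 },
 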
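Review bot: `ReadOnlyRootFilesystem: ptr.To(true)` is added to four container templates, but nothing next to these literals records which writable mounts each container now depends on; any step that still writes to `/tmp`, `$HOME` or another rootfs path will fail at runtime. The only relocation visible in this commit is the waiter lock file, so each of the four templates (the hunks at new lines 187, 216, 243 and 277) should be checked against the paths its image writes to. A comment on the setting, e.g. `// root filesystem is read-only; scratch data must go to a mounted volume`, would record the assumption. The same security-context literal is repeated with one more field each time, so a small helper that builds the hardened context would keep the copies from drifting apart. `NewDefaultConfig` starts and ends outside these hunks.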

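--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -142,8 +142,9 @@ var _ = Describe("Config", func() {
 "ALL",
 },
 },
-RunAsUser: nonRoot,
-RunAsGroup: nonRoot,
+RunAsUser: nonRoot,
+RunAsGroup: nonRoot,
+ReadOnlyRootFilesystem: ptr.To(true),
 },
 }))
 })
@@ -243,8 +244,9 @@ var _ = Describe("Config", func() {
 "ALL",
 },
 },
-RunAsUser: nonRoot,
-RunAsGroup: nonRoot,
+RunAsUser: nonRoot,
+RunAsGroup: nonRoot,
+ReadOnlyRootFilesystem: ptr.To(true),
 },
 }))
 })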
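Review bot: Only two expectations gain `ReadOnlyRootFilesystem: ptr.To(true),`, while `pkg/config/config.go` changes four templates, so the root-running template and one non-root template appear to have no assertion pinning the new field. Tests outside these hunks may cover them, but any that compared the full security context would have needed the same update. Adding the field to an expectation for each remaining template would catch a later change that drops the read-only setting, which matters most for the container that runs as root with added capabilities. The enclosing `Describe` block extends beyond both hunks.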
