You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The agent was recently set with a security context in #3036, which set the user:group in the container to 1000:2000. However, the user:group should be 65532:65532 as this is the sole nonroot user in the base image cgr.dev/chainguard/static:latest and owner of the executed Zarf binary. This doesn't cause any issues for the regular Zarf init package, but did cause an issue for the ironbank agent, which sets a chmod Zarf file so only the owner can access it.
The text was updated successfully, but these errors were encountered:
AustinAbro321
changed the title
Zarf agent deployments overrides to wrong user / group
Zarf agent deployments security context uses incorrect user / group
Nov 18, 2024
Summary
The agent was recently set with a security context in #3036, which set the user:group in the container to 1000:2000. However, the user:group should be 65532:65532 as this is the sole nonroot user in the base image
cgr.dev/chainguard/static:latest
and owner of the executed Zarf binary. This doesn't cause any issues for the regular Zarf init package, but did cause an issue for the ironbank agent, which sets a chmod Zarf file so only the owner can access it.The text was updated successfully, but these errors were encountered: