Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Zarf agent deployments security context uses incorrect user / group #3244

Closed
AustinAbro321 opened this issue Nov 18, 2024 · 0 comments · Fixed by #3243
Closed

Zarf agent deployments security context uses incorrect user / group #3244

AustinAbro321 opened this issue Nov 18, 2024 · 0 comments · Fixed by #3243

Comments

@AustinAbro321
Copy link
Contributor

Summary

The agent was recently set with a security context in #3036, which set the user:group in the container to 1000:2000. However, the user:group should be 65532:65532 as this is the sole nonroot user in the base image cgr.dev/chainguard/static:latest and owner of the executed Zarf binary. This doesn't cause any issues for the regular Zarf init package, but did cause an issue for the ironbank agent, which sets a chmod Zarf file so only the owner can access it.

@AustinAbro321 AustinAbro321 changed the title Zarf agent deployments overrides to wrong user / group Zarf agent deployments security context uses incorrect user / group Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant