
Commit 6f3a122

committed
Change back runAsNonRoot to false and disable readOnly FS 😕
Nuclei image IS running as root and needs to write to the /tmp folder...

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
1 parent cd56ae4 commit 6f3a122

2 files changed

+5
-5
lines changed

scanners/nuclei/README.md

Lines changed: 3 additions & 3 deletions
@@ -182,12 +182,12 @@ Kubernetes: `>=v1.11.0-0`
182182
| scanner.image.tag | string | `nil` | defaults to the charts appVersion |
183183
| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
184184
| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
185-
| scanner.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
185+
| scanner.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":false,"runAsNonRoot":false}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
186186
| scanner.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated |
187187
| scanner.securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the container. |
188188
| scanner.securityContext.privileged | bool | `false` | Ensures that the scanner container is not run in privileged mode |
189-
| scanner.securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system |
190-
| scanner.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user |
189+
| scanner.securityContext.readOnlyRootFilesystem | bool | `false` | Prevents write access to the containers file system |
190+
| scanner.securityContext.runAsNonRoot | bool | `false` | Enforces that the scanner image is run as a non root user |
191191
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
192192
193193
## License
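Review bot: the default values for `scanner.securityContext.readOnlyRootFilesystem` and `scanner.securityContext.runAsNonRoot` flip to `false` here, but their description cells still read "Prevents write access to the containers file system" and "Enforces that the scanner image is run as a non root user", so the table now documents a guarantee the defaults no longer provide. Since this README table is generated from the `values.yaml` comments, the wording should be corrected at the source and re-rendered, for example: "Disabled by default because the Nuclei image runs as root and needs to write to /tmp; set to `true` if you run a hardened image". It is also worth stating in the table that users who keep the defaults are running the scanner container as root with a writable root filesystem, so they can weigh that against setting their own securityContext.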

scanners/nuclei/values.yaml

Lines changed: 2 additions & 2 deletions
@@ -62,9 +62,9 @@ scanner:
6262
# scanner.securityContext -- Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
6363
securityContext:
6464
# scanner.securityContext.runAsNonRoot -- Enforces that the scanner image is run as a non root user
65-
runAsNonRoot: true
65+
runAsNonRoot: false
6666
# scanner.securityContext.readOnlyRootFilesystem -- Prevents write access to the containers file system
67-
readOnlyRootFilesystem: true
67+
readOnlyRootFilesystem: false
6868
# scanner.securityContext.allowPrivilegeEscalation -- Ensure that users privileges cannot be escalated
6969
allowPrivilegeEscalation: false
7070
# scanner.securityContext.privileged -- Ensures that the scanner container is not run in privileged mode
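Review bot: the `helm-docs` comments for `runAsNonRoot` and `readOnlyRootFilesystem` are left unchanged while the values become `false`, so the generated docs will describe an enforcement that is switched off; update the comment text alongside the value. Beyond the wording, the commit message says the image only needs to write to `/tmp`, so a narrower fix than disabling the read-only root filesystem is to keep `readOnlyRootFilesystem: true` and mount an `emptyDir` volume at `/tmp` in the scanner job template, which preserves the write restriction for the rest of the filesystem. Likewise, if the Nuclei image can run under a non-root UID, setting `runAsUser`/`runAsGroup` together with `runAsNonRoot: true` would be preferable to dropping the non-root requirement for every user of the chart; if it cannot, a comment explaining why should accompany `runAsNonRoot: false`.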
