[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Security implications of "runAsUser: type: RunAsAny"



Hello
 
I am trying to understand the security implications of doing "oc edit scc" and using
  runAsUser:
    type: RunAsAny
for "name: restricted".
 
This makes it possible for pods in openshift to have processes inside them that run as root. If I set this for "name: restricted" most of the containers from docker.io will run in OpenShift... which is very useful.
Will the people who login to the cluster via "oc login" be able to do funny things if the restricted pods have "type: RunAsAny"?
 
regards
v

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]