Comments
ba...@google.com <ba...@google.com> #2
I had the same problem!
I could solve it by putting the .aidl file in an aidl directory.
Look at the attached screenshot to see the project structure.
Description
Description:
The customer is concerned about the alerts for the privileged container in Security Command Center.
Impact:
The customer is getting a GKE security posture alert that is generic, notifying that the workload is using privileged access within the container.
As the pod ~ csi-driver requires the privileged: true condition.
Workarounds:
If the customer requires the CSI storage option, they can ignore the alert and continue. Otherwise, they should explore alternative options that don't require privileged access.
Feature expected:
As the alert is triggered generically whenever any privileged container is present in a GKE cluster, the expected feature is that the alert should be triggered by checking the parameter "mountPropagation". If it is "bidirectional", then the alert should not be triggered in SCC, which will reduce the customer's confusion.
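
The check requested above, sketched as an added example (not Security Command Center's or GKE's own logic): it labels each privileged container by whether any of its volume mounts sets mountPropagation to Bidirectional, so the CSI-driver case can be told apart from other privileged workloads. The function names and the sample pod are constructed for illustration.

```python
# Added example: triage privileged-container findings by mountPropagation.
# classify_container, triage_pod and SAMPLE_POD are hypothetical names.

def classify_container(container):
    """Return 'not-privileged', 'privileged-bidirectional' or 'privileged-generic'."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged") is not True:
        return "not-privileged"
    for mount in container.get("volumeMounts") or []:
        # The Kubernetes API spells the value "Bidirectional"; compare
        # case-insensitively so "bidirectional" in a report also matches.
        if str(mount.get("mountPropagation", "")).lower() == "bidirectional":
            return "privileged-bidirectional"
    return "privileged-generic"


def triage_pod(pod):
    """Map 'pod/container' to its label for every privileged container."""
    spec = pod.get("spec") or {}
    pod_name = (pod.get("metadata") or {}).get("name", "<unnamed>")
    findings = {}
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(key) or []:
            label = classify_container(c)
            if label != "not-privileged":
                findings[f"{pod_name}/{c.get('name', '<unnamed>')}"] = label
    return findings


# Constructed sample: a CSI-node-style pod plus an unrelated privileged sidecar.
SAMPLE_POD = {
    "metadata": {"name": "csi-node-example"},
    "spec": {"containers": [
        {"name": "csi-driver",
         "securityContext": {"privileged": True},
         "volumeMounts": [{"name": "pods-dir",
                           "mountPath": "/var/lib/kubelet/pods",
                           "mountPropagation": "Bidirectional"}]},
        {"name": "debug-sidecar",
         "securityContext": {"privileged": True},
         "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]},
        {"name": "registrar",
         "volumeMounts": [{"name": "reg", "mountPath": "/registration"}]},
    ]},
}

if __name__ == "__main__":
    for target, label in triage_pod(SAMPLE_POD).items():
        print(f"{target}: {label}")
```

Kubernetes only accepts Bidirectional mount propagation on privileged containers, so the field explains why privileged: true is set; the container still runs with full privileges, and the label is best used to annotate the finding rather than drop it.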