fix: revert ZNC security hardening for LinuxServer container

LinuxServer.io containers need to run init scripts with elevated
permissions before dropping to the specified PUID/PGID. Reverted to:
- Remove restrictive securityContext settings
- Use PUID/PGID environment variables (LinuxServer standard)
- Add Polaris exemptions for runAsRoot and runAsPrivileged
- Add Checkov exemption for high UID requirement

This fixes container startup issues introduced by security hardening.

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
This commit is contained in:
2026-02-08 11:07:21 -05:00
parent 9a6c78680b
commit a569047275
2 changed files with 12 additions and 22 deletions
+5 -4
View File
@@ -4,7 +4,8 @@ compact: true
framework:
- all
skip-check:
- CKV_K8S_21 # Default namespace usage
- CKV_K8S_43 # Image tag validation (using latest tags intentionally)
- CKV_K8S_14 # Image tag should be fixed (same as above)
- CKV_K8S_22 # Read-only filesystem (IRC apps need to write to volumes)
- CKV_K8S_21 # Default namespace usage
- CKV_K8S_43 # Image tag validation (using latest tags intentionally)
- CKV_K8S_14 # Image tag should be fixed (same as above)
- CKV_K8S_22 # Read-only filesystem (IRC apps need to write to volumes)
- CKV_K8S_40 # Containers should run as high UID (ZNC LinuxServer container needs flexibility)