fix: revert ZNC security hardening for LinuxServer container
LinuxServer.io containers need to run init scripts with elevated permissions before dropping to the specified PUID/PGID. Reverted to: - Remove restrictive securityContext settings - Use PUID/PGID environment variables (LinuxServer standard) - Add Polaris exemptions for runAsRoot and runAsPrivileged - Add Checkov exemption for high UID requirement This fixes container startup issues introduced by security hardening. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
This commit is contained in:
+5
-4
@@ -4,7 +4,8 @@ compact: true
|
||||
framework:
|
||||
- all
|
||||
skip-check:
|
||||
- CKV_K8S_21 # Default namespace usage
|
||||
- CKV_K8S_43 # Image tag validation (using latest tags intentionally)
|
||||
- CKV_K8S_14 # Image tag should be fixed (same as above)
|
||||
- CKV_K8S_22 # Read-only filesystem (IRC apps need to write to volumes)
|
||||
- CKV_K8S_21 # Default namespace usage
|
||||
- CKV_K8S_43 # Image tag validation (using latest tags intentionally)
|
||||
- CKV_K8S_14 # Image tag should be fixed (same as above)
|
||||
- CKV_K8S_22 # Read-only filesystem (IRC apps need to write to volumes)
|
||||
- CKV_K8S_40 # Containers should run as high UID (ZNC LinuxServer container needs flexibility)
|
||||
|
||||
Reference in New Issue
Block a user