farhoodliquor/irc
Archived
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-05-26. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
5a5cfb284734fdf553cdbded9afd4eb5a0dcf94c
irc/.checkov.yaml
T
Chris Farhood a569047275 fix: revert ZNC security hardening for LinuxServer container 
LinuxServer.io containers need to run init scripts with elevated
permissions before dropping to the specified PUID/PGID. Reverted to:
- Remove restrictive securityContext settings
- Use PUID/PGID environment variables (LinuxServer standard)
- Add Polaris exemptions for runAsRoot and runAsPrivileged
- Add Checkov exemption for high UID requirement

This fixes container startup issues introduced by security hardening.

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
2026-02-08 11:07:21 -05:00

12 lines
422 B
YAML
Raw Blame History

soft-fail: false
quiet: true
compact: true
framework:
- all
skip-check:
- CKV_K8S_21 # Default namespace usage
- CKV_K8S_43 # Image tag validation (using latest tags intentionally)
- CKV_K8S_14 # Image tag should be fixed (same as above)
- CKV_K8S_22 # Read-only filesystem (IRC apps need to write to volumes)
- CKV_K8S_40 # Containers should run as high UID (ZNC LinuxServer container needs flexibility)
Reference in New Issue View Git Blame Copy Permalink