diff --git a/stable/smokeping/1.0.36/CHANGELOG.md b/stable/smokeping/1.0.37/CHANGELOG.md similarity index 89% rename from stable/smokeping/1.0.36/CHANGELOG.md rename to stable/smokeping/1.0.37/CHANGELOG.md index 73f37b5f97..75e53b3dc9 100644 --- a/stable/smokeping/1.0.36/CHANGELOG.md +++ b/stable/smokeping/1.0.37/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23) + +#### Fix + +* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769)) + + + ### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22) @@ -88,12 +97,3 @@ * update helm general non-major helm releases ([#1596](https://github.com/truecharts/apps/issues/1596)) - - - -### [smokeping-1.0.27](https://github.com/truecharts/apps/compare/smokeping-1.0.26...smokeping-1.0.27) (2021-12-19) - -#### Chore - -* Last patch bump before RC2 branch-off -* remove `editable: true` as this is the default ([#1576](https://github.com/truecharts/apps/issues/1576)) diff --git a/stable/smokeping/1.0.36/CONFIG.md b/stable/smokeping/1.0.37/CONFIG.md similarity index 100% rename from stable/smokeping/1.0.36/CONFIG.md rename to stable/smokeping/1.0.37/CONFIG.md diff --git a/stable/smokeping/1.0.36/Chart.lock b/stable/smokeping/1.0.37/Chart.lock similarity index 78% rename from stable/smokeping/1.0.36/Chart.lock rename to stable/smokeping/1.0.37/Chart.lock index d46f6ea423..13a716715a 100644 --- a/stable/smokeping/1.0.36/Chart.lock +++ b/stable/smokeping/1.0.37/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://truecharts.org version: 8.13.5 digest: sha256:089b20485a4e5d995aabc8ef1ecc92e55acb922e4f3f263f2b8c7bfcc26bfd8b -generated: "2022-01-22T14:15:19.425509957Z" +generated: "2022-01-23T22:22:08.833212546Z" diff --git a/stable/smokeping/1.0.36/Chart.yaml b/stable/smokeping/1.0.37/Chart.yaml similarity index 97% rename from stable/smokeping/1.0.36/Chart.yaml rename to stable/smokeping/1.0.37/Chart.yaml index dc9a6668fe..cde8f14e74 100644 --- a/stable/smokeping/1.0.36/Chart.yaml +++ b/stable/smokeping/1.0.37/Chart.yaml @@ -21,7 +21,7 @@ sources: - https://oss.oetiker.ch/smokeping/ - https://hub.docker.com/r/linuxserver/smokeping type: application -version: 1.0.36 +version: 1.0.37 annotations: truecharts.org/catagories: | - media diff --git a/stable/smokeping/1.0.36/README.md b/stable/smokeping/1.0.37/README.md similarity index 100% rename from stable/smokeping/1.0.36/README.md rename to stable/smokeping/1.0.37/README.md diff --git a/stable/smokeping/1.0.36/app-readme.md b/stable/smokeping/1.0.37/app-readme.md similarity index 100% rename from stable/smokeping/1.0.36/app-readme.md rename to stable/smokeping/1.0.37/app-readme.md diff --git a/stable/smokeping/1.0.36/charts/common-8.13.5.tgz b/stable/smokeping/1.0.37/charts/common-8.13.5.tgz similarity index 100% rename from stable/smokeping/1.0.36/charts/common-8.13.5.tgz rename to stable/smokeping/1.0.37/charts/common-8.13.5.tgz diff --git a/stable/smokeping/1.0.36/helm-values.md b/stable/smokeping/1.0.37/helm-values.md similarity index 96% rename from stable/smokeping/1.0.36/helm-values.md rename to stable/smokeping/1.0.37/helm-values.md index 7bc99fa808..f051758878 100644 --- a/stable/smokeping/1.0.36/helm-values.md +++ b/stable/smokeping/1.0.37/helm-values.md @@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here | persistence.data.mountPath | string | `"/data"` | | | podSecurityContext.runAsGroup | int | `0` | | | podSecurityContext.runAsUser | int | `0` | | +| securityContext.allowPrivilegeEscalation | bool | `true` | | | securityContext.readOnlyRootFilesystem | bool | `false` | | | securityContext.runAsNonRoot | bool | `false` | | | service.main.ports.main.port | int | `10030` | | diff --git a/stable/smokeping/1.0.36/ix_values.yaml b/stable/smokeping/1.0.37/ix_values.yaml similarity index 94% rename from stable/smokeping/1.0.36/ix_values.yaml rename to stable/smokeping/1.0.37/ix_values.yaml index 12e99e9107..d24d3df6aa 100644 --- a/stable/smokeping/1.0.36/ix_values.yaml +++ b/stable/smokeping/1.0.37/ix_values.yaml @@ -19,10 +19,12 @@ service: securityContext: readOnlyRootFilesystem: false runAsNonRoot: false + allowPrivilegeEscalation: true podSecurityContext: runAsUser: 0 runAsGroup: 0 + persistence: config: enabled: true diff --git a/stable/smokeping/1.0.36/questions.yaml b/stable/smokeping/1.0.37/questions.yaml similarity index 99% rename from stable/smokeping/1.0.36/questions.yaml rename to stable/smokeping/1.0.37/questions.yaml index 7dbfba7c1e..cd00a66793 100644 --- a/stable/smokeping/1.0.36/questions.yaml +++ b/stable/smokeping/1.0.37/questions.yaml @@ -1603,7 +1603,7 @@ questions: label: "Allow Privilege Escalation" schema: type: boolean - default: false + default: true - variable: runAsNonRoot label: "runAsNonRoot" schema: diff --git a/stable/smokeping/1.0.36/security.md b/stable/smokeping/1.0.37/security.md similarity index 97% rename from stable/smokeping/1.0.36/security.md rename to stable/smokeping/1.0.37/security.md index 3e496dfc9e..fb8741aa20 100644 --- a/stable/smokeping/1.0.36/security.md +++ b/stable/smokeping/1.0.37/security.md @@ -17,6 +17,7 @@ hide: | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| +| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| diff --git a/stable/smokeping/1.0.36/templates/common.yaml b/stable/smokeping/1.0.37/templates/common.yaml similarity index 100% rename from stable/smokeping/1.0.36/templates/common.yaml rename to stable/smokeping/1.0.37/templates/common.yaml diff --git a/stable/smokeping/1.0.36/values.yaml b/stable/smokeping/1.0.37/values.yaml similarity index 100% rename from stable/smokeping/1.0.36/values.yaml rename to stable/smokeping/1.0.37/values.yaml