The default flag "allow_privileged: true" in the zabbix agents operator instance yaml file should be false.

XMLWordPrintable

    • Type: Defect (Security)
    • Resolution: Won't fix
    • Priority: Trivial
    • None
    • Affects Version/s: None
    • Component/s: Agent (G), Templates (T)
    • None
    • Environment:
      DEV, PROD
    • 3

      Steps to reproduce:

      Deploy the Zabbix operator agent instance using the default yaml file

      Result:
      **
      The below value in the zabbix operator instance yaml is 'true' by default which enables the zabbix agent pods to run with root privileges and is flagged as a big security risk. 
      allow_privileged: true
       
      Expected:
      The bug/feature request would be that the value should be hard coded as 'false' so that the user is not able to change it to 'true' thus avoiding the mentioned security risk.
      allow_privileged: false

            Assignee:
            Andrei Gushchin (Inactive)
            Reporter:
            Sarang Kher
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: