Set allowPrivilegeEscalation to false as default value for the servic…

…e orchestrator (#4427)
SeldonIO · Nov 9, 2022 · c7ff8a3 · c7ff8a3
1 parent e680614
commit c7ff8a3
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/operator/controllers/seldondeployment_engine.go b/operator/controllers/seldondeployment_engine.go
@@ -337,7 +337,8 @@ func createEngineContainer(mlDep *machinelearningv1.SeldonDeployment, p *machine
 	}
 
 	if engineUser != nil {
-		c.SecurityContext = &corev1.SecurityContext{RunAsUser: engineUser}
+		escalationDefault := false
+		c.SecurityContext = &corev1.SecurityContext{RunAsUser: engineUser, AllowPrivilegeEscalation: &escalationDefault}
 	}
 
 	// Environment vars if specified