Revision 4f4e8e9155a6d2639ab02b7de39590bc95ae0c53 authored by Tam Mach on 05 March 2024, 08:34:35 UTC, committed by Julian Wiedmann on 02 April 2024, 17:03:53 UTC
[upstream commit 3166f95] Use cilium-envoy image that drops privileges from the Envoy process before it starts. Envoy now needs to be started as `cilium-envoy-starter`, which drops all privileges before executing `cilium-envoy`. If `cilium-envoy` is executed directly with any privileges, it will terminate with the following error message when any Cilium filters are first configured: "[assert failure: get_capabilities(CAP_EFFECTIVE) == 0 && get_capabilities(CAP_PERMITTED) == 0. Details: cilium-envoy running with privileges, exiting" Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
1 parent 63859d3
SECURITY.md
# Security Policy
## Supported Versions
| Version | Supported |
|-----------| ------------------ |
| master | :white_check_mark: |
| 1.12.x | :white_check_mark: |
| 1.11.x | :white_check_mark: |
| 1.10.x | :white_check_mark: |
| < 1.10.0 | :x: |
## Reporting a Vulnerability
We strongly encourage you to report security vulnerabilities to
our private security mailing list: security@cilium.io - first, before
disclosing them in any public forums.
This is a private mailing list where only members of the Cilium internal
security team are subscribed to, and is treated as top priority.
Computing file changes ...