Commit released Helm Chart and docs for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-01-23 22:24:49 +00:00 · 2022-01-23 22:24:49 +00:00 · 4e89e852c4
parent 33cc9ee86f
commit 4e89e852c4
8 changed files with 62 additions and 8 deletions
--- a/charts/stable/smokeping/CHANGELOG.md
+++ b/charts/stable/smokeping/CHANGELOG.md
@ -1,6 +1,15 @@
 # Changelog<br>


+<a name="smokeping-1.0.37"></a>
+### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23)
+
+#### Fix
+
+* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769))
+
+
+
 <a name="smokeping-1.0.36"></a>
 ### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22)

--- a/charts/stable/smokeping/helm-values.md
+++ b/charts/stable/smokeping/helm-values.md
@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here
 | persistence.data.mountPath | string | `"/data"` |  |
 | podSecurityContext.runAsGroup | int | `0` |  |
 | podSecurityContext.runAsUser | int | `0` |  |
+| securityContext.allowPrivilegeEscalation | bool | `true` |  |
 | securityContext.readOnlyRootFilesystem | bool | `false` |  |
 | securityContext.runAsNonRoot | bool | `false` |  |
 | service.main.ports.main.port | int | `10030` |  |
--- a/charts/stable/smokeping/security.md
+++ b/charts/stable/smokeping/security.md
@ -17,6 +17,7 @@ hide:

 | Type         |    Misconfiguration ID   |   Check  |  Severity |                   Explaination                   | Links  |
 |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
+| Kubernetes Security Check         |    KSV001   |   Process can elevate its own privileges  |  MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details>  |
 | Kubernetes Security Check         |    KSV003   |   Default capabilities not dropped  |  LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details>  |
 | Kubernetes Security Check         |    KSV012   |   Runs as root user  |  MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details>  |
 | Kubernetes Security Check         |    KSV012   |   Runs as root user  |  MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details>  |
--- a/docs/apps/stable/airdcpp-webclient/security.md
+++ b/docs/apps/stable/airdcpp-webclient/security.md
@ -220,4 +220,3 @@ hide:
 | python3.9-minimal         |    CVE-2021-4189   |   MEDIUM  |  3.9.2-1 |  | <details><summary>Expand...</summary><a href="https://bugs.python.org/issue43285">https://bugs.python.org/issue43285</a><br></details>  |
 | python3.9-minimal         |    CVE-2020-27619   |   LOW  |  3.9.2-1 |  | <details><summary>Expand...</summary><a href="https://bugs.python.org/issue41944">https://bugs.python.org/issue41944</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619</a><br><a href="https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8">https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8</a><br><a href="https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9">https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9</a><br><a href="https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33">https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33</a><br><a href="https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794">https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794</a><br><a href="https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b">https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b</a><br><a href="https://linux.oracle.com/cve/CVE-2020-27619.html">https://linux.oracle.com/cve/CVE-2020-27619.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4151.html">https://linux.oracle.com/errata/ELSA-2021-4151.html</a><br><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/</a><br><a href="https://security.netapp.com/advisory/ntap-20201123-0004/">https://security.netapp.com/advisory/ntap-20201123-0004/</a><br><a href="https://ubuntu.com/security/notices/USN-4754-1">https://ubuntu.com/security/notices/USN-4754-1</a><br><a href="https://ubuntu.com/security/notices/USN-4754-3">https://ubuntu.com/security/notices/USN-4754-3</a><br></details>  |
 | tar         |    CVE-2005-2541   |   LOW  |  1.34+dfsg-1 |  | <details><summary>Expand...</summary><a href="http://marc.info/?l=bugtraq&amp;m=112327628230258&amp;w=2">http://marc.info/?l=bugtraq&amp;m=112327628230258&amp;w=2</a><br><a href="https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E">https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E</a><br></details>  |
-
--- a/docs/apps/stable/smokeping/CHANGELOG.md
+++ b/docs/apps/stable/smokeping/CHANGELOG.md
@ -1,6 +1,15 @@
 # Changelog<br>


+<a name="smokeping-1.0.37"></a>
+### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23)
+
+#### Fix
+
+* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769))
+
+
+
 <a name="smokeping-1.0.36"></a>
 ### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22)

--- a/docs/apps/stable/smokeping/helm-values.md
+++ b/docs/apps/stable/smokeping/helm-values.md
@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here
 | persistence.data.mountPath | string | `"/data"` |  |
 | podSecurityContext.runAsGroup | int | `0` |  |
 | podSecurityContext.runAsUser | int | `0` |  |
+| securityContext.allowPrivilegeEscalation | bool | `true` |  |
 | securityContext.readOnlyRootFilesystem | bool | `false` |  |
 | securityContext.runAsNonRoot | bool | `false` |  |
 | service.main.ports.main.port | int | `10030` |  |
--- a/docs/apps/stable/smokeping/security.md
+++ b/docs/apps/stable/smokeping/security.md
@ -17,6 +17,7 @@ hide:

 | Type         |    Misconfiguration ID   |   Check  |  Severity |                   Explaination                   | Links  |
 |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
+| Kubernetes Security Check         |    KSV001   |   Process can elevate its own privileges  |  MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details>  |
 | Kubernetes Security Check         |    KSV003   |   Default capabilities not dropped  |  LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details>  |
 | Kubernetes Security Check         |    KSV012   |   Runs as root user  |  MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-smokeping&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details>  |
 | Kubernetes Security Check         |    KSV012   |   Runs as root user  |  MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-smokeping&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details>  |
--- a/docs/index.yaml
+++ b/docs/index.yaml
@ -44167,6 +44167,39 @@ entries:
    - https://github.com/truecharts/apps/releases/download/sickgear-1.0.21/sickgear-1.0.21.tgz
    version: 1.0.21
  smokeping:
+  - annotations:
+      truecharts.org/SCALE-support: "true"
+      truecharts.org/catagories: |
+        - media
+      truecharts.org/grade: U
+    apiVersion: v2
+    appVersion: 2.7.3
+    created: "2022-01-23T22:24:49.085385568Z"
+    dependencies:
+    - name: common
+      repository: https://truecharts.org
+      version: 8.13.5
+    description: Keep track of your network latency.
+    digest: 3d81450aacdaecc36c6577e796206eaf4bd3efadd94e3da6e987dfbd787e7e5d
+    home: https://github.com/truecharts/apps/tree/master/charts/stable/smokeping
+    icon: https://truecharts.org/_static/img/appicons/smokeping-icon.png
+    keywords:
+    - smokeping
+    - network
+    - latency
+    kubeVersion: '>=1.16.0-0'
+    maintainers:
+    - email: info@truecharts.org
+      name: TrueCharts
+      url: https://truecharts.org
+    name: smokeping
+    sources:
+    - https://oss.oetiker.ch/smokeping/
+    - https://hub.docker.com/r/linuxserver/smokeping
+    type: application
+    urls:
+    - https://github.com/truecharts/apps/releases/download/smokeping-1.0.37/smokeping-1.0.37.tgz
+    version: 1.0.37
  - annotations:
      truecharts.org/SCALE-support: "true"
      truecharts.org/catagories: |
@ -52191,4 +52224,4 @@ entries:
    urls:
    - https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.24/zwavejs2mqtt-9.0.24.tgz
    version: 9.0.24
-generated: "2022-01-23T21:09:09.285214455Z"
+generated: "2022-01-23T22:24:49.089358416Z"