From 9234fa92fa3ff457d993f06625beff783695b7e1 Mon Sep 17 00:00:00 2001
From: ChristianZaccaria
Date: Fri, 21 Jun 2024 16:43:06 +0100
Subject: [PATCH] PATCH: Add SecurityContext to ray pods to function with restricted pod-security
---
 ray-operator/config/openshift/ray_operator_scc.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ray-operator/config/openshift/ray_operator_scc.yaml b/ray-operator/config/openshift/ray_operator_scc.yaml
index 1246a5d57e..601c95de41 100644
--- a/ray-operator/config/openshift/ray_operator_scc.yaml
+++ b/ray-operator/config/openshift/ray_operator_scc.yaml
@@ -4,6 +4,12 @@ metadata:
 name: run-as-ray-user
 seLinuxContext:
 type: MustRunAs
+defaultAllowPrivilegeEscalation: false
+allowPrivilegeEscalation: false
+seccompProfiles:
+ - runtime/default
+requiredDropCapabilities:
+ - ALL
 runAsUser:
 type: MustRunAs
 uid: 1000
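Review bot: The four added fields carry no comment saying which policy they are meant to satisfy, and an SCC is read far more often than its commit message; above `defaultAllowPrivilegeEscalation` I would add `# Match the Kubernetes "restricted" Pod Security Standard: no privilege escalation, RuntimeDefault seccomp, drop ALL capabilities.` Because `seccompProfiles` lists only `runtime/default` and `allowPrivilegeEscalation` is `false`, a pod admitted under `run-as-ray-user` that asks for a different seccomp profile or for escalation will be rejected at admission, which is worth stating in the same comment. The hunk covers only part of the object, so I cannot see whether `allowedCapabilities`, `allowPrivilegedContainer` or the host-namespace flags are set elsewhere in the file; please confirm none of them loosens what these lines tighten.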