)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":12281,"name":"Itxaka","email":"igarcia@suse.com","username":"itxaka"},"change_message_id":"c24f7b4acfa5b7dd8b5c4519dc93eb62ea7f39aa","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Pete Birley \u003cpetebirley@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2019-09-25 22:05:46 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Mairadb: Run ingress error page server as nobody user"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This PS updates the mariadb ingress error page server to run as the"},{"line_number":10,"context_line":"nobody user."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"3fa7e38b_4d26c3d0","line":7,"updated":"2019-09-25 22:25:11.000000000","message":"maira? :p","commit_id":"92710bbe03e273d1289ff81a40914a3e89a05cfa"},{"author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"change_message_id":"8f6d8ed10827005ba3f04f2a62af88c794300c11","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Pete Birley \u003cpetebirley@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2019-09-25 22:05:46 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Mairadb: Run ingress error page server as nobody user"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This PS updates the mariadb ingress error page server to run as the"},{"line_number":10,"context_line":"nobody user."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"3fa7e38b_d0900646","line":7,"in_reply_to":"3fa7e38b_4d26c3d0","updated":"2019-09-25 23:02:24.000000000","message":"done :)","commit_id":"92710bbe03e273d1289ff81a40914a3e89a05cfa"}],"mariadb/values.yaml":[{"author":{"_account_id":24816,"name":"Anthony Bellino","email":"ab2434@att.com","username":"anthony.bellino"},"change_message_id":"01ef643eb029af1071c8d2c70715a4d20b77143f","unresolved":false,"context_lines":[{"line_number":82,"context_line":"        runAsUser: 1000"},{"line_number":83,"context_line":"      container:"},{"line_number":84,"context_line":"        server:"},{"line_number":85,"context_line":"          runAsUser: 0"},{"line_number":86,"context_line":"          readOnlyRootFilesystem: true"},{"line_number":87,"context_line":"    prometheus_mysql_exporter:"},{"line_number":88,"context_line":"      pod:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"3fa7e38b_1019be20","side":"PARENT","line":85,"range":{"start_line":85,"start_character":10,"end_line":85,"end_character":22},"updated":"2019-09-25 22:56:13.000000000","message":"I think you also have to remove L59 [0], otherwise this runs the container still as root, but then I\u0027m still not sure if \u0027nobody\u0027 has the correct perms. for /server bin.\n\n[0] https://github.com/openstack/openstack-helm-infra/blob/master/mariadb/templates/deployment-error.yaml#L59","commit_id":"b87784332a7569e6d4c46da377b262575e0b0e31"},{"author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"change_message_id":"d51531089a4d5878df3c4aa78d4f0b96609185c1","unresolved":false,"context_lines":[{"line_number":82,"context_line":"        runAsUser: 1000"},{"line_number":83,"context_line":"      container:"},{"line_number":84,"context_line":"        server:"},{"line_number":85,"context_line":"          runAsUser: 0"},{"line_number":86,"context_line":"          readOnlyRootFilesystem: true"},{"line_number":87,"context_line":"    prometheus_mysql_exporter:"},{"line_number":88,"context_line":"      pod:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"3fa7e38b_30995a78","side":"PARENT","line":85,"range":{"start_line":85,"start_character":10,"end_line":85,"end_character":22},"in_reply_to":"3fa7e38b_1019be20","updated":"2019-09-25 23:01:22.000000000","message":"why?\n\nunless overridden the pod level security context will be in play, eg:\n\n```\n#/Users/pb269f/Development/openstack/openstack-helm-infra\ndocker-desktop $ kubectl -n default exec -it mariadb-ingress-error-pages-f58c74964-fqwkn -- id -u\n65534\n```","commit_id":"b87784332a7569e6d4c46da377b262575e0b0e31"},{"author":{"_account_id":24816,"name":"Anthony Bellino","email":"ab2434@att.com","username":"anthony.bellino"},"change_message_id":"4805c5a9343d9997913a79617984828e21a6d9f7","unresolved":false,"context_lines":[{"line_number":82,"context_line":"        runAsUser: 1000"},{"line_number":83,"context_line":"      container:"},{"line_number":84,"context_line":"        server:"},{"line_number":85,"context_line":"          runAsUser: 0"},{"line_number":86,"context_line":"          readOnlyRootFilesystem: true"},{"line_number":87,"context_line":"    prometheus_mysql_exporter:"},{"line_number":88,"context_line":"      pod:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"3fa7e38b_733a7ccc","side":"PARENT","line":85,"range":{"start_line":85,"start_character":10,"end_line":85,"end_character":22},"in_reply_to":"3fa7e38b_30995a78","updated":"2019-09-25 23:55:46.000000000","message":"maybe more of a nit, I see the gid as root, but if this isn\u0027t a concern then I\u0027m good.\nkubectl exec -it -n ucp mariadb-ingress-error-pages-687d9bfc6f-j7pdz -- id\nuid\u003d65534 gid\u003d0(root)","commit_id":"b87784332a7569e6d4c46da377b262575e0b0e31"}]}