From 95072babab9051fade07dd2a40920230de428a81 Mon Sep 17 00:00:00 2001
From: Greg Smith <65406958+gsmith-sas@users.noreply.github.com>
Date: Wed, 9 Oct 2024 16:31:41 -0400
Subject: [PATCH] [SECURITY] OpenSearch Dashboards pod: allowPrivilegeEscalation set to false (#687)
---
 CHANGELOG.md | 3 +++
 logging/opensearch/osd_helm_values.yaml | 1 +
 2 files changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f00ad88..9f75c956 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
 # SAS Viya Monitoring for Kubernetes
 ## Unreleased
+* **Logging**
+ * [SECURITY] OpenSearch Dashboards pod securityContext updated to set allowPrivilegeEscalation to 'false'
+
 * **Metrics**
 * [SECURITY] Metrics (collected by Kube State Metrics) related to Kubernetes Secret have been disabled to eliminate the need to grant `list` permission (for Secret resources) to the KSM ClusterRole (see PR#684)
diff --git a/logging/opensearch/osd_helm_values.yaml b/logging/opensearch/osd_helm_values.yaml
index 997b9b50..dc33d570 100644
--- a/logging/opensearch/osd_helm_values.yaml
+++ b/logging/opensearch/osd_helm_values.yaml
@@ -68,3 +68,4 @@ config:
 securityContext:
 readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
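Review bot: The `securityContext` block in `osd_helm_values.yaml` carries no comment saying which level it applies to, and `allowPrivilegeEscalation` is a container-level field that has no effect unless the chart renders this key into the container spec rather than the pod spec. A one-line comment above the block, e.g. `# container-level securityContext for the OpenSearch Dashboards container`, would record that and avoid the "pod securityContext" wording used in the changelog entry. The visible block sets only `readOnlyRootFilesystem` and `allowPrivilegeEscalation`; unless the chart defaults already supply them, `runAsNonRoot: true`, `capabilities: {drop: ["ALL"]}` and a `seccompProfile` of type `RuntimeDefault` are the remaining settings the Kubernetes "restricted" Pod Security Standard expects. It is worth confirming the merged result in the rendered manifest (`helm template`) rather than from this values file alone, since the block may also continue outside the hunk.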