Fix broken checklist scans with centos6

OpenSCAP needs a writable /tmp for centos6 for reasons that are still a bit unclear. Adding a writable /tmp to allow scans to succeed.
deep-security · Nov 1, 2019 · 93d7d4f · 93d7d4f
1 parent e256cc1
commit 93d7d4f
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/templates/image-scan.yaml b/templates/image-scan.yaml
@@ -83,6 +83,8 @@ spec:
             - --checklist-dir=/data
             - --root=work/
           volumeMounts:
+            - name: oscap-temp
+              mountPath: /tmp
             - name: work
               mountPath: /work
             - name: oscap-feed-data
@@ -179,6 +181,8 @@ spec:
       tolerations: {{ toYaml (default .Values.tolerations.defaults .Values.tolerations.imageScan) | nindent 8 }}
       restartPolicy: Always
       volumes:
+        - name: oscap-temp
+          emptyDir: {}
         - name: oscap-feed-data
           emptyDir:
             sizeLimit: {{ default "1Gi" .Values.scan.openscap.dataVolume.sizeLimit | quote }}