[CMS-14545]: Updated cri-o ymls for SCA support.

cssensor-crio-ds.yml

@@ -141,11 +141,13 @@ items:
               name: persistent-volume
             - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
               name: agent-volume
+            - mountPath: /var/lib/containers/storage
+              name: container-storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             #- mountPath: /etc/qualys/qpa/cert/custom-ca.crt
             #  name: proxy-cert-path              
             securityContext:
-              allowPrivilegeEscalation: false
+              privileged: true
           volumes:
             - name: socket-volume
               hostPath:
@@ -159,6 +161,9 @@ items:
               hostPath:
                 path: /etc/qualys
                 type: DirectoryOrCreate
+            - name: container-storage
+              hostPath:
+                path: /var/lib/containers/storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             #- name: proxy-cert-path
             #  hostPath:

cssensor-openshift-crio-ds.yml

@@ -89,7 +89,7 @@ items:
     allowHostIPC: false
     allowHostPID: false
     allowHostPorts: false
-    allowPrivilegedContainer: false
+    allowPrivilegedContainer: true
     readOnlyRootFilesystem: false
     runAsUser:
       type: RunAsAny
@@ -158,11 +158,13 @@ items:
               name: persistent-volume
             - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
               name: agent-volume
+            - mountPath: /var/lib/containers/storage
+              name: container-storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             #- mountPath: /etc/qualys/qpa/cert/custom-ca.crt
             #  name: proxy-cert-path              
             securityContext:
-              allowPrivilegeEscalation: false
+              privileged: true
           volumes:
             - name: socket-volume
               hostPath:
@@ -176,6 +178,9 @@ items:
               hostPath:
                 path: /etc/qualys
                 type: DirectoryOrCreate
+            - name: container-storage
+              hostPath:
+                path: /var/lib/containers/storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             #- name: proxy-cert-path
             #  hostPath:

cssensor-openshift-crio-ds_pv_pvc.yml

@@ -113,7 +113,7 @@ items:
     allowHostIPC: false
     allowHostPID: false
     allowHostPorts: false
-    allowPrivilegedContainer: false
+    allowPrivilegedContainer: true
     readOnlyRootFilesystem: false
     runAsUser:
       type: RunAsAny
@@ -182,11 +182,13 @@ items:
               name: persistent-volume
             - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
               name: agent-volume
+            - mountPath: /var/lib/containers/storage
+              name: container-storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             #- mountPath: /etc/qualys/qpa/cert/custom-ca.crt
             #  name: proxy-cert-path
             securityContext:
-              allowPrivilegeEscalation: false
+              privileged: true
           volumes:
             - name: socket-volume
               hostPath:
@@ -199,6 +201,9 @@ items:
               hostPath:
                 path: /etc/qualys
                 type: DirectoryOrCreate
+            - name: container-storage
+              hostPath:
+                path: /var/lib/containers/storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             #- name: proxy-cert-path
             #  hostPath:

helm-chart-scripts/cssensor-chart-crio-ds/templates/cssensor-crio-ds.yml

@@ -159,8 +159,10 @@ items:
             - mountPath: /etc/qualys/qpa/cert/custom-ca.crt
               name: proxy-cert-path
 {{- end }}
+            - mountPath: /var/lib/containers/storage
+              name: container-storage
             securityContext:
-              allowPrivilegeEscalation: false
+              privileged: true
           volumes:
             - name: socket-volume
               hostPath:
@@ -183,4 +185,7 @@ items:
                 path: {{.Values.qualys.proxycertpath}}
                 type: File
 {{- end }}
+            - name: container-storage
+              hostPath:
+                path: /var/lib/containers/storage
           hostNetwork: true

helm-chart-scripts/cssensor-chart-openshift-crio-ds/templates/cssensor-openshift-crio-ds.yaml

@@ -85,7 +85,7 @@ items:
     allowHostIPC: false
     allowHostPID: false
     allowHostPorts: false
-    allowPrivilegedContainer: false
+    allowPrivilegedContainer: true
     readOnlyRootFilesystem: false
     runAsUser:
       type: RunAsAny
@@ -171,13 +171,15 @@ items:
 {{- end }}
             - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
               name: agent-volume
+            - mountPath: /var/lib/containers/storage
+              name: container-storage
 {{- if .Values.qualys.proxycert }}
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
             - mountPath: /etc/qualys/qpa/cert/custom-ca.crt
               name: proxy-cert-path
 {{- end }}
             securityContext:
-              allowPrivilegeEscalation: false
+              privileged: true
           volumes:
             - name: socket-volume
               hostPath:
@@ -200,4 +202,7 @@ items:
                 path: {{.Values.qualys.proxycertpath}}
                 type: File
 {{- end }}
+            - name: container-storage
+              hostPath:
+                path: /var/lib/containers/storage
           hostNetwork: true