From 3d07ff759a6a38c29b9a8ce01ce6d5b6695d4fb4 Mon Sep 17 00:00:00 2001
From: Angel Misevski
Date: Wed, 11 Jan 2023 10:39:23 -0500
Subject: [PATCH] Set SCC allowPrivilegeEscalation to true when container build enabled (#1596)
* Set SCC allowPrivilegeEscalation to true when container build enabled
Running Podman inside a container in OpenShift requires the pod to have allowPrivilegeEscalation: true in its security context.
* Fix tests
Signed-off-by: Angel Misevski
---
 pkg/common/constants/constants.go | 2 +-
 pkg/deploy/dev-workspace-config/dev_workspace_config_test.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/common/constants/constants.go b/pkg/common/constants/constants.go
index cd4519b99..92376d27d 100644
--- a/pkg/common/constants/constants.go
+++ b/pkg/common/constants/constants.go
@@ -154,6 +154,6 @@ var (
 "SETUID",
 },
 },
- AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ AllowPrivilegeEscalation: pointer.BoolPtr(true),
 }
 )
diff --git a/pkg/deploy/dev-workspace-config/dev_workspace_config_test.go b/pkg/deploy/dev-workspace-config/dev_workspace_config_test.go
index fb8118cfc..897f21af2 100644
--- a/pkg/deploy/dev-workspace-config/dev_workspace_config_test.go
+++ b/pkg/deploy/dev-workspace-config/dev_workspace_config_test.go
@@ -383,7 +383,7 @@ func TestReconcileDevWorkspaceConfigPerUserStorage(t *testing.T) {
 "SETUID",
 },
 },
- AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ AllowPrivilegeEscalation: pointer.BoolPtr(true),
 },
 },
 },
@@ -434,7 +434,7 @@ func TestReconcileDevWorkspaceConfigPerUserStorage(t *testing.T) {
 "SETUID",
 },
 },
- AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ AllowPrivilegeEscalation: pointer.BoolPtr(true),
 },
 },
 },
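Review bot: In pkg/common/constants/constants.go the new `AllowPrivilegeEscalation: pointer.BoolPtr(true)` sits in a package-level `var (` default with no comment explaining why a hardening control is relaxed, and the condition from the commit title ("when container build enabled") is not visible in this hunk. With this value the runtime no longer sets no_new_privs for the container, so setuid or file-capability binaries in the workspace image can gain privileges, and the context lines list `SETUID` in what appears to be the capabilities of the same security context. I would add a comment above the field such as `// Required for Podman inside the workspace container; apply this context only when container build is enabled.` and confirm that the code consuming this variable (outside the hunk, as is the start of the `var (` block) leaves the setting false or unset otherwise. The two updated expectations in dev_workspace_config_test.go only pin the enabled value; a case asserting that this security context is not applied when container build is disabled would guard the gate, if one does not already exist.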