# Controller Manager: Restricted Pod Security and read-only root FS

Fixed to address: https://issues.redhat.com/browse/OADP-5275

With the fix, the OADP controller manager pod operates with more restrictive settings.

To check the settings, get the pod name, in our example it's `openshift-adp-controller-manager-985dc6d94-hmzkg`:

```shell
$ oc get pods -n openshift-adp
NAME                                               READY   STATUS    RESTARTS   AGE
openshift-adp-controller-manager-985dc6d94-hmzkg   1/1     Running   0          23s
```

* Confirm the container operates as non-root:

```shell
$ oc get pod openshift-adp-controller-manager-985dc6d94-hmzkg -n openshift-adp -o json | jq '.spec.securityContext'
{
  "fsGroup": 1000650000,
  "runAsNonRoot": true,
  "seLinuxOptions": {
    "level": "s0:c26,c0"
  },
  "seccompProfile": {
    "type": "RuntimeDefault"
  }
}
```

* Confirm the SCC and seccomp annotations:

```shell
$ oc get pod openshift-adp-controller-manager-985dc6d94-hmzkg -n openshift-adp -o json | jq '.metadata.annotations'
{
  "openshift.io/scc": "restricted-v2",
  "seccomp.security.alpha.kubernetes.io/pod": "runtime/default",
}
```

* Check the running container and ensure the settings are applied:

```shell
$ oc rsh -n openshift-adp openshift-adp-controller-manager-985dc6d94-hmzkg
sh-5.1# touch /readonly
touch: cannot touch '/readonly': Read-only file system
sh-5.1# whoami
1000670000
```
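
The checks above can also be run against the pod JSON in one pass, without opening a shell in the container. The script below is an added example, not part of the OADP project: the file name `audit_pod.py`, the container name `manager`, and the container-level `securityContext` in the sample are assumptions, and the sample pod is constructed.

```python
import json
import sys

# Constructed sample in the shape of `oc get pod <name> -o json`. Pod-level values
# mirror the output above; the container name and its securityContext are assumed.
SAMPLE_POD = {
    "metadata": {"annotations": {"openshift.io/scc": "restricted-v2"}},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "manager",
                        "securityContext": {"readOnlyRootFilesystem": True}}],
    },
}


def audit_pod(pod, expected_scc="restricted-v2"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    scc = annotations.get("openshift.io/scc")
    if scc != expected_scc:
        findings.append(f"pod: SCC is {scc!r}, expected {expected_scc!r}")
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        # A container-level value overrides the pod-level one when both are set.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") != "RuntimeDefault":
            findings.append(f"{name}: seccomp profile is {seccomp.get('type')!r}")
        # readOnlyRootFilesystem exists only per container and defaults to false.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
    return findings


if __name__ == "__main__":
    # Live pod: oc get pod <pod> -n openshift-adp -o json | python3 audit_pod.py -
    pod = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_POD
    problems = audit_pod(pod)
    print("\n".join(problems) or "all checks passed")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any check fails, so it can gate a post-upgrade verification step.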