From 94623f7fa6a1f79d6f5d803f52c66fb4c04e3375 Mon Sep 17 00:00:00 2001
From: imdmahajankanika <48632517+imdmahajankanika@users.noreply.github.com>
Date: Thu, 3 Aug 2023 19:54:57 +0200
Subject: [PATCH] Update collector-scc.yaml

As this scc is based on scc privileged, when it is used by a serviceaccount, it runs as root but since readOnlyRootFilesystem: true, it prevents access to files/folders owned by user root. readOnlyRootFilesystem: true in this scc has caused problems during the upgrades on openshift, because, the version job pod created by CVO, sometimes uses this scc and is unable to remove folders/files owned by user root. List of related issues:- https://access.redhat.com/solutions/5911951 https://access.redhat.com/solutions/6985485 https://issues.redhat.com/browse/OTA-680 https://github.com/openshift/cluster-version-operator/pull/824
---
 .../helm/stackrox-secured-cluster/templates/collector-scc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/templates/helm/stackrox-secured-cluster/templates/collector-scc.yaml b/image/templates/helm/stackrox-secured-cluster/templates/collector-scc.yaml
index 48d47dca0ae9f..38cf7d3c3b6fa 100644
--- a/image/templates/helm/stackrox-secured-cluster/templates/collector-scc.yaml
+++ b/image/templates/helm/stackrox-secured-cluster/templates/collector-scc.yaml
@@ -20,7 +20,7 @@ fsGroup:
 type: RunAsAny
 groups: []
 priority: 0
-readOnlyRootFilesystem: true
+readOnlyRootFilesystem: false
 runAsUser:
 type: RunAsAny
 seLinuxContext:
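Review bot: Setting `readOnlyRootFilesystem: false` removes the read-only root requirement for every pod admitted under this SCC, collector included, and nothing in this hunk shows that the collector container sets `securityContext.readOnlyRootFilesystem: true` itself. If it does not, a workload that already runs with `runAsUser: RunAsAny` gets a writable root filesystem as a side effect of fixing an unrelated pod. Please confirm the collector DaemonSet template pins that field, and record the reason next to the changed line, e.g. `# not enforced at SCC level: unrelated pods (CVO version job) may be admitted under this SCC; collector sets readOnlyRootFilesystem in its own securityContext`. The SCC continues outside the hunk, so its `users` list, together with the `groups: []` and `priority: 0` visible here, is worth checking as the narrower fix: an SCC that only the collector service account can use would not be selected for the version job in the first place.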