Feature Description
As part of security enhancement, RCM supports the following functionality:
-
Partition Usage in RCM VM—In RCM VM, the /tmp and /var/tmp directories are mounted as separate partitions to prevent privilege escalation attacks.
-
RCM provides flexibility to configure the host-networking mode for SNMP trapper pod. The k8 smf profile rcm-snmp-trapper-ep snmp-trapper host-networking { false | true } CLI command configures the SNMP trapper pod in host networking mode and non-host networking mode.
-
RCM supports the conversion of host networking pods to non-host networking mode for restricting pod access to host network namespace. The CLI commands k8 smf profile rcm-bfd-ep host-networking { true | false } and k8 smf profile rcm-bfd-ep node-port-enabled { true | false } can be configured to run BFDmgr in non-host networking mode.
-
RCM supports the tracking interface and IPv4 virtual-routes configuration for the Keepalived pod. The IPv4 virtual-routes configuration installs routes when RCM moves to MASTER state.
For more information, refer to the UCC 5G RCM Configuration and Administration Guide.