Update FIPS documentation to clarify mlock (#15502)

This clarifies a limitation of the FIPS based container images,
to note that due to OpenShift requirements, we need to suggest
ways of disabling mlock or allowing Vault to set mlock.
Alexander Scheel 2022-05-19 09:31:47 -04:00 committed by GitHub
parent 7966a98fc2
commit f31149089f
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions

@ -46,6 +46,12 @@ in a FIPS-compliant manner. We are not a NIST-certified testing laboratory
and thus organizations may need to consult an approved auditor for final
information.
~> **Note**: When pulling the FIPS UBI-based images, note that they are
ultimately designed for OpenShift certification; consider either adding
the `--user root --cap-add IPC_LOCK` options, to allow Vault to enable
mlock, or use the `--env SKIP_SETCAP=1` option, to disable mlock
completely, as appropriate for your environment.
## Technical Details
Vault Enterprise's FIPS 140-2 Inside binaries rely on a special version of the
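Review bot: In the added note, `--env SKIP_SETCAP=1` is offered as an equal alternative "as appropriate for your environment", but nothing says what running with mlock disabled gives up or how a reader should choose between the two options. Suggest adding one sentence on the trade-off (with mlock off, Vault's memory can be swapped to disk, so swap should be disabled or encrypted on the host) or linking to the existing mlock documentation. The first option also requires `--user root`, which changes the user the container runs as and deserves a short stated reason. Both sets of flags are given without the command they are passed to; naming it would remove the guesswork. Wording: "consider either adding ... or use" is not parallel (make it "or using"), and "**Note**: ... note that" repeats the word.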