mirror of
https://github.com/cozystack/cozystack.git
synced 2026-03-02 22:59:06 +00:00
6576b3bb87
Instead of using per-Package SSA field owners (which is a workaround relying on SSA mechanics), properly resolve whether a namespace should be privileged by iterating all PackageSources and their active Packages. A namespace gets the privileged PodSecurity label if ANY Package has a component with privileged: true installed in it. This fixes the race condition where Packages sharing a namespace (e.g. linstor and linstor-scheduler in cozy-linstor) would overwrite each other's labels depending on reconciliation order. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>