Request for updated drbd-shutdown-guard Image Due to Multiple High and Critical CVEs #18

@talkraghu

Description

We are deploying LINSTOR in our Kubernetes environment using the latest piraeus-operator. During routine image vulnerability scanning, we observed that the image piraeusdatastore/drbd-shutdown-guard:v1.0.0 contains numerous high and critical vulnerabilities.

This image is used as an init container in the linstor-satellite DaemonSet and executes during pod initialization. While it terminates quickly, it runs with privileged access and mounts sensitive host paths, such as:

  • /run/systemd/system/
  • /run/dbus/system_bus_socket
  • /run/drbd-shutdown-guard

Due to the sensitive nature of its execution environment, we initiated a security review and found the following:


Summary of Observed Vulnerabilities

A selection of high and critical CVEs present in this image includes (but is not limited to):

| Package | CVE ID | Severity |
|---|---|---|
| glibc | CVE-2023-4911 | High |
| glibc | CVE-2024-2961 | High |
| glibc | CVE-2024-33599 | High |
| libcurl / curl-minimal | CVE-2023-38545 | High |
| openssl | CVE-2024-12797 | High |
| krb5-libs | CVE-2024-3596 | High |
| python3 | CVE-2023-24329 | High |
| python3 | CVE-2023-40217 | High |
| go stdlib (multiple) | CVE-2023-24531 | Critical |
| go stdlib (multiple) | CVE-2024-24790 | Critical |
| go stdlib (multiple) | CVE-2023-29403 | Critical |
| pam | CVE-2024-10963 | High |
| libxml2 | CVE-2025-49794 | High |

Note: This list is based on scanning the piraeusdatastore/drbd-shutdown-guard:v1.0.0 image in our private registry as of June 30, 2025.


Usage Context

  • Container Role: Init container
  • Pod: linstor-satellite
  • Deployment method: piraeus-operator (latest)
  • Privileges: Runs in privileged mode and accesses host-level system resources

Request

We would like to request:

  • An updated version of the piraeusdatastore/drbd-shutdown-guard image with patched base packages to address the above vulnerabilities.

Please let us know if:

  • An image update is planned or available.
  • Any mitigations are currently in place or recommended.
  • Additional information is required from our side.

We appreciate the work of the Piraeus team and look forward to your response on this matter.
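Added example (not part of the issue or of the Piraeus project): a small audit script that reads a workload manifest and reports which containers run privileged and which host paths they mount, so the blast radius of a vulnerable init-container image like the one described above is visible before deciding on an update or mitigation. The embedded DaemonSet is hand-constructed from the mounts listed in the issue; its volume names, the second container, and the set of "sensitive" host-path prefixes are assumptions, not the operator's real spec.

```python
"""Audit a Kubernetes workload manifest for privileged containers and host
path mounts. Added example, not the Piraeus project's own code. The manifest
below is constructed to mirror the issue; names and values are assumptions."""
from typing import Dict, List, Set, Tuple

# Host path prefixes that give a container leverage over the node.
# Chosen for this example; extend to match local policy.
SENSITIVE_HOST_PREFIXES = (
    "/run/systemd",
    "/run/dbus",
    "/var/run/docker.sock",
    "/proc",
    "/sys",
    "/dev",
    "/etc",
)

# Constructed DaemonSet approximating linstor-satellite (volume names, the
# regular container and its settings are assumptions, not the real spec).
SAMPLE_DAEMONSET = {
    "kind": "DaemonSet",
    "metadata": {"name": "linstor-satellite", "namespace": "piraeus-datastore"},
    "spec": {"template": {"spec": {
        "volumes": [
            {"name": "systemd-units", "hostPath": {"path": "/run/systemd/system/"}},
            {"name": "dbus-socket", "hostPath": {"path": "/run/dbus/system_bus_socket"}},
            {"name": "guard-dir", "hostPath": {"path": "/run/drbd-shutdown-guard"}},
            {"name": "tmp", "emptyDir": {}},
        ],
        "initContainers": [{
            "name": "drbd-shutdown-guard",
            "image": "piraeusdatastore/drbd-shutdown-guard:v1.0.0",
            "securityContext": {"privileged": True},
            "volumeMounts": [
                {"name": "systemd-units", "mountPath": "/run/systemd/system/"},
                {"name": "dbus-socket", "mountPath": "/run/dbus/system_bus_socket"},
                {"name": "guard-dir", "mountPath": "/run/drbd-shutdown-guard"},
            ],
        }],
        "containers": [{
            "name": "linstor-satellite",
            "image": "placeholder/linstor-satellite:TAG",  # hypothetical image
            "securityContext": {"privileged": False},       # assumption
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
    }}},
}


def is_sensitive(host_path: str) -> bool:
    """True when the host path is the node root or sits under a sensitive prefix."""
    normalized = host_path.rstrip("/") or "/"
    if normalized == "/":
        return True
    return any(normalized == p or normalized.startswith(p + "/")
               for p in SENSITIVE_HOST_PREFIXES)


def audit_workload(manifest: dict) -> List[Dict]:
    """Return one finding per init/regular container: privilege and host mounts."""
    pod_spec = manifest["spec"]["template"]["spec"]
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod_spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for role, key in (("init", "initContainers"), ("regular", "containers")):
        for c in pod_spec.get(key, []):
            mounts: List[Tuple[str, str]] = [
                (m["mountPath"], host_paths[m["name"]])
                for m in c.get("volumeMounts", []) if m["name"] in host_paths]
            findings.append({
                "container": c["name"],
                "role": role,
                "image": c["image"],
                "privileged": bool(c.get("securityContext", {}).get("privileged", False)),
                "host_mounts": mounts,
                "sensitive_mounts": [hp for _, hp in mounts if is_sensitive(hp)],
            })
    return findings


def high_risk(findings: List[Dict]) -> List[Dict]:
    """Containers that are privileged or touch a sensitive host path."""
    return [f for f in findings if f["privileged"] or f["sensitive_mounts"]]


def images_to_update(findings: List[Dict], vulnerable_images: Set[str]) -> List[str]:
    """Images in the workload that a scanner has flagged (set supplied by caller)."""
    return sorted({f["image"] for f in findings if f["image"] in vulnerable_images})


if __name__ == "__main__":
    for f in high_risk(audit_workload(SAMPLE_DAEMONSET)):
        print(f"{f['role']} container {f['container']} ({f['image']}): "
              f"privileged={f['privileged']}, sensitive host mounts={f['sensitive_mounts']}")
```

Run against a real cluster by feeding the script the output of `kubectl get daemonset linstor-satellite -o json` instead of the constructed manifest; the `high_risk` list is what to weigh against the scanner findings, and `images_to_update` cross-references the deployed tags with the images a scanner flagged.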
