Sorry, forgot to put blog link
This is the blog post am using to refer steps mentioned here. I didn’t tested yet but this article talking about how to run an container using anyuid SCC privileges
I'll check this reference.
our developers in the team will need to start a service once the container is up.
But the systemd is only accessible for my image if it is run as root.
Maybe I can try adding this startup script into the docker file as well.
I'll check both and let you know...
On Fri, Dec 2, 2016 at 4:47 PM, Ben Parees <bparees redhat com> wrote:
On Fri, Dec 2, 2016 at 4:35 PM, Akshaya Khare <khare ak husky neu edu> wrote:
I tried using the suggestions you guys gave but some how its still failing.
On further analysis I understood that this is not actually the image which I created.
Since I'm using source2image, the github source is being mapped on to my image which has root privileges.
Now my image creates a build and then a new pod is spawned up using that build.
Is there some other configuration within these steps which allows me to run the pod as a root user?
Or these steps have nothing to do with the user issue i'm facing?
you can control the user the pod runs as by setting the pod's security context:
but it would be better to try to understand why your image needs to run as root and change file/etc permissions so that it does not require that.
On Thu, Dec 1, 2016 at 6:31 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote:
I was thinking belwo are right steps as per my knowledge
1. Create a service account
2. Grant anyuid SCC to this service account
3. And add sercice account details to dc object
I might be wrong but above steps in my mind. Even I would like to get clarity on this topic what is the right approach to run a container using anyuid priviligies
On Thu, Dec 1, 2016 at 4:18 PM, Akshaya Khare <khare ak husky neu edu> wrote:
I created my own image which can use s2i to use git urls for my internal projects.
The image has been created such that the systemd services will be working, and in order to do that the image had to be created with root user.
Now the container spawned from this image only works properly i spawn it with the below command:
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:
ro -d my-image-name
The container works fine.
Unfortunately, whenever I try to create the container from the openshift ui, it creates the pod successfully but it doesn't have access to run it since it doesn't run it as a root user.
I tried to provide this command:
oadm policy add-scc-to-user anyuid -z project-name
But still the pod is created without the root user.
Is there any way to run the pod with root user via both cli or ui?
assuming your built image defaults to running as root, the adding anyuid scc should be all you need to do for the image to run as that user, as far as i know.
users mailing list
users lists openshift redhat
Ben Parees | OpenShift
Ben Parees | OpenShift