1. Edit the restricted SCC:
$ oc edit scc restricted
runAsUser: type: MustRunAsRangeBut I assume that this is a bad solution. Although it's still not very clear why OpenShift is using a random user inside a container.
From: lorenz vanthillo outlook com
To: john skarbek ca com
CC: users lists openshift redhat com
Subject: RE: Errors: container "x" in pod/x-1-8vhpi is crash-looping
Date: Thu, 25 Feb 2016 12:11:51 +0100
Thanks for the fast reply.
"Running a container with an arbitrary user ID also has the benefit of ensuring that a process which is able to escape the container due to a vulnerability in the container framework will not have specific user permissions on the host system."
The permissions on the server.xml in the container are: -rw-------. 1 root root. Here is a permission error in OpenShift.
How would you change these permissions to make it "world writable"? Isn't it unsave to make it "world writable"?
From: John Skarbek ca com
To: users lists openshift redhat com; lorenz vanthillo outlook com
Subject: Re: Errors: container "x" in pod/x-1-8vhpi is crash-looping
Date: Thu, 25 Feb 2016 10:58:13 +0000
The issue is not that the image is coming from a specific repo, but rather the image itself is not fine tuned for use within openshift. CrashLoop indicates the container was able to start, but then crashed, and subsequent restarts are resulting in the same.
In general your permissions are not set properly for this container to run inside of openshift. I suggest modifying those permissions to being world writable.
For additional information take a look at
On February 25, 2016 at 05:22:21, Lorenz Vanthillo (lorenz vanthillo outlook com) wrote: