Re: Permissions problem mounting file from ConfigMap

A belated update on this.

The problem with using subPath is due to a SELinux issue in the kernel.

There is an issue about it at:


Whether you see it will depend on how SELinux is set up, I guess.

The only workaround would be to mount it as a directory '..data' in the target directory, and then you create a symlink from a startup run script in your source code to symlink the file in the '..data' directory into the parent. Know of no other solution at this point.


On 9 Dec 2017, at 8:36 pm, Tim Dudgeon <tdudgeon ml gmail com> wrote:

If you mount onto a new directory you get the same problem.
It only seems to happen when specifying a subPath as follows:

            - mountPath: /usr/local/tomcat/webapps/portal/META-INF/context.xml
              name: squonk-sso-config
              subPath: context.xml
              readOnly: true

If the whole configMap is mounted to a directory the contents are readable.

And as mentioned already, if you do this in Minishift it works fine.

On 09/12/17 02:16, Graham Dumpleton wrote:
The permissions are correct. It is shown as decimal, not the octal you are setting it with.

'%o' % 420

What happens when you mount the configmap onto a directory separate from anything else?


On 9 Dec 2017, at 4:02 am, Tim Dudgeon <tdudgeon ml gmail com> wrote:

More on this.

I find when I look at the deployment yaml that the volume ends up looking like this:

        - configMap:
            defaultMode: 420
            name: squonk-sso-config
          name: squonk-sso-config

This is despite `oc explain pod.spec.volumes.configMap` stating that the default for defaultMode is 0644.

Even when I specify defaultMode: 0644 in the template it ends up being 420.

Any idea what's going on?

On 08/12/17 16:44, Tim Dudgeon wrote:
Hi All,

I'm having a problem mounting a file from a ConfigMap when running on an OpenShift Origin environment, but when doing the same on Minishift it works fine.

I'm mounting the context.xml file from the ConfigMap into the container like this:

        - image: ...
            - mountPath: /usr/local/tomcat/webapps/portal/META-INF/context.xml
              name: my-configmap-vol
              subPath: context.xml
              readOnly: true
          - name: my-configmap-vol
              name: squonk-sso-config

Within the container the file is there but has permissions problems:

# ls -l
ls: cannot access 'context.xml': Permission denied
total 4
-rw-r--r--. 1 root root 104 Dec  5 12:48 MANIFEST.MF
-?????????? ? ?    ?      ?            ? context.xml

Any idea what's the problem?
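
The workaround given at the top of this thread (mount the whole ConfigMap as a directory, then link the file into place from a startup script), as an added example that is not from any participant in the thread. The mount path `/config/squonk-sso` and the function name `link_config` are assumptions, and the container user is assumed to have write access to the target directory.

```shell
#!/bin/sh
# Added example: link one file from a directory-mounted ConfigMap into the
# application directory at container start, instead of mounting it with subPath.

link_config() {
    src=$1      # file inside the directory-mounted ConfigMap volume
    dest=$2     # path where the application expects to find the file

    # An unreadable source is how the subPath failure in this thread appears
    # ("Permission denied"); stop here with a clear message.
    if [ ! -r "$src" ]; then
        echo "link_config: cannot read $src (check the volume mount and SELinux labels)" >&2
        return 1
    fi

    # The parent directory must already exist, and the target must not be a
    # directory (mv would otherwise move the link inside it).
    dest_dir=$(dirname "$dest")
    if [ ! -d "$dest_dir" ] || [ -d "$dest" ]; then
        echo "link_config: $dest is not a usable target path" >&2
        return 1
    fi

    # Create the link under a temporary name and rename it over the target,
    # so an existing file is replaced without a window where it is missing.
    tmp="$dest.tmp.$$"
    ln -s "$src" "$tmp" || return 1
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# In the container's run script, before starting Tomcat
# (/config/squonk-sso is a hypothetical mountPath for the whole ConfigMap):
#   link_config /config/squonk-sso/context.xml \
#       /usr/local/tomcat/webapps/portal/META-INF/context.xml || exit 1
```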


