Re: Unable to get hostPath r/w without privileged: true

On Dec 13, 2017, at 8:36 PM, Nick Bartos (nibartos) <nibartos cisco com> wrote:

I am unable to get a writable hostPath volume for a "privileged: false" container, even when the container's runAsUser owns the directory on the host.

The k8s docs say "You either need to run your process as root in a privileged container or modify the file permissions on the host to be able to write to a hostPath volume".  I have tried origin via openshift-ansible release-3.6 and master branches.

I have tried more permutations than I can remember in the manifest, granting different permissions to the service account, but no matter what, I cannot get anything inside a container to write to the hostPath without setting 'privileged: true' for the container.

SELinux is probably preventing you from writing to the host path.  Privileged completely bypasses those protections.  Marking the hostpath you want to expose as visible to containers should be sufficient (exact selinux chcon-fu escaping me at the minute).
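
A way to check the label the reply refers to, as an added example that is not part of the original thread: the functions below read a directory's SELinux context string and report whether its type is one that confined containers may write to. It assumes the targeted policy with container-selinux, where that type is `container_file_t` (`svirt_sandbox_file_t` on older hosts); `/data/app` and the sample contexts are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the targeted SELinux policy with
# container-selinux: container_file_t (older alias: svirt_sandbox_file_t).

# Print the type field of a context string user:role:type[:level].
# Prints nothing when the input is not a context (e.g. "?" or empty).
selinux_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Return 0 if confined container processes are allowed to write this type.
is_container_writable_type() {
    case "$1" in
        container_file_t|svirt_sandbox_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = context string, $2 = host path (used only in the printed advice).
# Returns 0 = label is fine, 1 = label blocks containers, 2 = no context.
check_hostpath_context() {
    _type="$(selinux_type "$1")"
    if [ -z "$_type" ]; then
        echo "UNKNOWN: $2 has no SELinux context (disabled or unlabeled)"
        return 2
    fi
    if is_container_writable_type "$_type"; then
        echo "OK: $2 has type $_type"
        return 0
    fi
    echo "BLOCKED: $2 has type $_type; relabel with one of:"
    echo "  chcon -Rt container_file_t $2    # immediate, lost on a relabel"
    echo "  semanage fcontext -a -t container_file_t '$2(/.*)?' && restorecon -R $2"
    return 1
}

# On a real host: check_hostpath_context "$(stat -c %C /data/app)" /data/app
# Constructed sample contexts (hypothetical path /data/app):
check_hostpath_context "system_u:object_r:default_t:s0" /data/app || true
check_hostpath_context "system_u:object_r:container_file_t:s0" /data/app || true
```

The label is checked in addition to ordinary file permissions, so the directory must still be writable by the container's runAsUser. Denials show up on the host as AVC records, which `ausearch -m avc -ts recent` lists.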
