
Re: Pods randomly running as root



A pod that IS running as root has this:

  securityContext:
    fsGroup: 1000370000
    seLinuxOptions:
      level: s0:c19,c14

Another pod in the same project that is NOT running as root has the exact same securityContext section.

On Mon, Feb 6, 2017 at 10:25 AM, Clayton Coleman <ccoleman redhat com> wrote:
Do the pods themselves have a user UID set on them?  Each pod should have the container "securityContext" field set and have an explicit user ID value set.

On Mon, Feb 6, 2017 at 11:23 AM, Alex Wauck <alexwauck exosite com> wrote:
These are completely normal app containers.  They are managed by deploy configs.  Whether they run as root or not seems to depend on which node they run on: the older nodes seem to run pods as random UIDs, while the newer ones run as root.  Our older nodes have docker-selinux-1.10.3 installed, while the newer ones do not.  They only have docker-selinux-1.9.1 available, since the 1.10.3 package seems to have been removed from the CentOS extras repo.

We are running OpenShift 1.2.1, since I haven't had time to upgrade it.

On Mon, Feb 6, 2017 at 8:31 AM, Clayton Coleman <ccoleman redhat com> wrote:
Are you running them directly (launching a pod)?  Or running them under another controller resource.

On Feb 6, 2017, at 2:00 AM, Alex Wauck <alexwauck exosite com> wrote:

Recently, I began to notice that some of my pods on OpenShift run as root instead of a random UID.  There does not seem to be any obvious cause (e.g. SCC).  Any idea how this could happen or where to look for clues?

--
Alex Wauck // DevOps Engineer

E X O S I T E 
www.exosite.com 

Making Machines More Human.
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
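
An added example, not part of the thread and not OpenShift's own code: a small audit over pod list JSON in the shape produced by `oc get pods -o json`. It groups by node the containers whose spec pins no `runAsUser`, or pins it to 0, which is the check suggested in the thread. The pod, container and node names in the sample are constructed, and the spec alone does not show the UID a process actually runs with on the node.

```python
from collections import defaultdict

# Constructed sample shaped like `oc get pods -o json` output (names are made up).
# For real data: SAMPLE = json.load(open("pods.json")) after saving the oc output.
POD_SC = {"fsGroup": 1000370000, "seLinuxOptions": {"level": "s0:c19,c14"}}
SAMPLE = {"items": [
    {"metadata": {"name": "app-1"},
     "spec": {"nodeName": "node-old", "securityContext": POD_SC,
              "containers": [{"name": "web",
                              "securityContext": {"runAsUser": 1000370000}}]}},
    {"metadata": {"name": "app-2"},
     "spec": {"nodeName": "node-new", "securityContext": POD_SC,
              "containers": [{"name": "web"}]}},
    {"metadata": {"name": "app-3"},
     "spec": {"nodeName": "node-new", "securityContext": POD_SC,
              "containers": [{"name": "web",
                              "securityContext": {"runAsUser": 0}}]}},
]}

def effective_uid(pod_sc, container_sc):
    """Container-level runAsUser overrides pod-level; None means no UID is pinned."""
    for sc in (container_sc, pod_sc):
        if sc and sc.get("runAsUser") is not None:
            return sc["runAsUser"]
    return None

def audit(pod_list):
    """Return {node: [(pod, container, finding)]} for containers whose spec
    pins UID 0 or pins no UID at all (the image or runtime default then applies)."""
    findings = defaultdict(list)
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        node = spec.get("nodeName", "<unscheduled>")
        for c in spec.get("containers", []):
            uid = effective_uid(spec.get("securityContext"), c.get("securityContext"))
            if uid is None:
                finding = "no runAsUser in spec"
            elif uid == 0:
                finding = "runAsUser is 0"
            else:
                continue  # explicit non-root UID, nothing to report
            findings[node].append((pod["metadata"]["name"], c["name"], finding))
    return dict(findings)

if __name__ == "__main__":
    for node, rows in sorted(audit(SAMPLE).items()):
        for pod, container, finding in rows:
            print(f"{node}\t{pod}/{container}\t{finding}")
```
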







