Re: runAsUser.Type values

2017-06-08 19:17 GMT+02:00 Tim Dudgeon <tdudgeon ml gmail com>:
I'm struggling to find a full definition of the different values for the runAsUser.Type option for Security Context Constraints.

It should be here: https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#authorization-RunAsUser
I found mention of MustRunAsRange, RunAsAny and MustRunAsNonRoot.

Is there an option to run as the specified user unless it is root, in which case allocate an id from the range?

I think no, there is no such option.

The behavior that you are requesting could be unexpected for many users. If someone defines that his image needs to be run under the root user, then he has a reason for that. In most cases, it means that if OpenShift tries to run such an image under an unprivileged user, the container won't start or won't work.

Slava Semushin | OpenShift

