
Can I configure an SCC to allow a container to access a CephFS volume without SELinux attribute support?



Hi,

I use a CephFS volume, but this volume doesn't support SELinux attributes:

-bash-4.2# ls -lZ /var/lib/origin/openshift.local.volumes/pods/6726536a-5735-11e7-aef3-005056b1755a/volumes/kubernetes.io~cephfs/pv-ceph-prod-rbx-fs1
drwxr-xr-x root root ?                                foo

Is it possible to configure an SCC to allow a container to access this volume?

This is my SCC, but I have this error:

$ oc rsh test-cephfs-4-mn53h bash
root test-cephfs-4-mn53h:/# ls /cephfs/
ls: cannot open directory '/cephfs/': Permission denied

apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
  kind: SecurityContextConstraints
  metadata:
    name: test-cephfs
  priority: 1
  requiredDropCapabilities: null
  readOnlyRootFilesystem: false
  runAsUser:
    type: RunAsAny
  seLinuxContext:
    type: RunAsAny
  supplementalGroups:
    type: RunAsAny
  seccompProfiles:
  - '*'
  fsGroup:
    type: RunAsAny
  users:
  - system:serviceaccount:test-cephfs:default
  volumes:
  - cephFS
  - configMap
  - emptyDir
  - nfs
  - persistentVolumeClaim
  - rbd
  - secret
  allowHostDirVolumePlugin: true
  allowHostIPC: true
  allowHostNetwork: true
  allowHostPID: true
  allowHostPorts: true
  allowPrivilegedContainer: true
  allowedCapabilities: null

Best regards,
Stéphane

--
