[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Openshift Origin and fixed user ID



It's not the case here. To use the "nonroot" SCC a pod have to explicitly request under which user it needs to be run:

spec:
  containers:
  - name: non-root-container
    image: non-root-cmd:latest
    securityContext:
      runAsUser: 500

Without this request, the "restricted" SCC will always be applied because it's stricter.


2017-09-13 19:09 GMT+02:00 Clayton Coleman <ccoleman redhat com>:
One more thing - numeric uids must be used in a dockerfile if you want
to use nonroot SCC.  Openshift can't trust string users.  Setting a
numeric id is always recommended.

> On Sep 13, 2017, at 11:33 AM, Marcello Lorenzi <cello86 gmail com> wrote:
>
> HI All,
> we have created some images with commands executed by user jboss and its user id is fixed to 500 into the docker file. If we start the image on Origin the image fails for the permission denied. We discovered that Origin use a random uid assignment during the image creation, but is it possible to fix the user id for a specific user like jboss for all the container?



--
Slava Semushin | OpenShift

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]