[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Can't use the privileged scc in OpenShift 4.2.16



Hi,

I have been trying to use the privileged scc in OpenShift 4.2.16

I follow the normal way adding an scc to a service account.

oc create sa jira
oc adm policy add-scc-to-user privileged -z jira

But it always ends up using the restricted scc. However, anyuid gets applied successfully.

I read about SCC prioritisation and made a copy of privileged scc and set "priority: 10", and then I was able to use it.

What is the proper way to use the privileged scc? Or is this by design?

PS. I realise using privileged is not recommended, and in my case to make jira work I managed to use a customised version of anyuid that contained the AUDIT_WRITE capability so that "su" would work.  However, I figured it would be good to know why privileged kept getting overridden by "restricted"

Thanks,

Joel

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]