The effective UID the container uses depends on who is launching the
container and what SecurityContextConstraints (SCC) they have access to.

Generally, a non-privileged user on a cluster using the default
SecurityContextConstraints will have a UID set on their pod that is a
non-root UID.  If you created a pod as an admin user or with a service
account that has access to SCCs that allow running as root, you can run
the container as root.

You can view which SCC the pod validated against by looking at the
annotations on the pod (oc get pod <name> -o json|yaml)

Info on how SCCs are sorted if you have access to multiple:
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#scc-prioritization

On Tue, Jan 19, 2016 at 10:49 AM, Rishi Misra <[email protected]>
wrote:

> Hello - as per:
> https://hub.docker.com/r/openshift/origin-custom-docker-builder/:
> "Containers run as a non-root unique user that is separate from other
> system users"
>
> In my experience I was able to run my Docker app image as a root user in
> OpenShift without modifying any security context.  Perhaps there is
> something about the statement above that I do not understand very well.
> Could someone please clarify if all Docker images running in OpenShift need
> to be non-root?
>
> Thanks.
>
> _______________________________________________
> dev mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
>
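The check described in the reply above, as an added example that is not part of the original thread: it reads pod JSON (the shape returned by `oc get pod <name> -o json`), reports the SCC the pod was validated against, and resolves the UID each container will run with. The annotation key `openshift.io/scc`, the function names and the sample pods are assumptions made for this example; the sample data is constructed.

```python
import json

SCC_ANNOTATION = "openshift.io/scc"  # assumed key; the thread only says "annotations"

# Constructed sample pods, trimmed to the relevant fields. Real input would be
# the output of `oc get pod <name> -o json`.
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "web-1", "annotations": {"openshift.io/scc": "restricted"}},
  "spec": {"containers": [
    {"name": "app", "securityContext": {"runAsUser": 1000050000}}]}},
 {"metadata": {"name": "builder-1", "annotations": {"openshift.io/scc": "anyuid"}},
  "spec": {"securityContext": {"runAsUser": 0},
           "containers": [
    {"name": "build"},
    {"name": "sidecar", "securityContext": {"runAsUser": 1001}}]}},
 {"metadata": {"name": "legacy-1", "annotations": {"openshift.io/scc": "anyuid"}},
  "spec": {"containers": [{"name": "app"}]}}
]
""")

def effective_run_as_user(pod, container):
    """Container-level runAsUser overrides the pod-level value."""
    uid = (container.get("securityContext") or {}).get("runAsUser")
    if uid is not None:  # explicit None check: UID 0 is a valid (root) value
        return uid
    return (pod["spec"].get("securityContext") or {}).get("runAsUser")

def audit_pod(pod):
    """Return (scc_name, [(container, uid, status), ...]) for one pod."""
    scc = pod["metadata"].get("annotations", {}).get(SCC_ANNOTATION)
    findings = []
    for c in pod["spec"]["containers"]:
        uid = effective_run_as_user(pod, c)
        if uid is None:
            status = "image-default"  # UID comes from the image's USER; may be root
        elif uid == 0:
            status = "root"
        else:
            status = "non-root"
        findings.append((c["name"], uid, status))
    return scc, findings

if __name__ == "__main__":
    for pod in SAMPLE_PODS:
        scc, findings = audit_pod(pod)
        print(pod["metadata"]["name"], "scc=%s" % scc, findings)
```

A container reported as `image-default` has no UID set in the pod spec, so the UID is whatever the image declares; under an SCC that allows any UID, that can be root.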