On Tue, Jul 25, 2017 at 8:49 AM, Pri <[email protected]> wrote:

> Hi Paul,
>
> thanks for the response. I need to run privileged containers using root
> user, so as per your mail I did
>
> 1) oc adm policy add-scc-to-user privileged root
>

This is incorrect, the grant needs to be to a service account in your
project.  From the comment below it looks like you'll be using the
"default" service account (which is used when no SA is specified) so the
command that should be executed as a cluster admin user from within the
project in question is:

oc adm policy add-scc-to-user privileged -z default

You should then be able to do an oc get scc privileged -o yaml and see your
service account in the form of "system:serviceaccount:<your
project>:default".

From there you need to set the SecurityContext field in your container spec
which is in the pod spec.

Since the privileged SCC uses the RunAsAny user strategy it will run with
whatever UID is specified in the docker file.  If nothing is set it should
run as root so you shouldn't have to set anything special there.  If a user
is set then set the RunAsUser field in the same SecurityContext that you
set privileged.


>
> 2) I have the below service accounts in my project, not sure where to set the
> SecurityContext field
> builder
> default
> deployer
>
> could you please help?
> thanks a lot!
>
> On Tue, Jul 25, 2017 at 6:07 PM, Paul Weil <[email protected]> wrote:
>
>> You need to both grant access to the privileged SCC
>> <https://docs.openshift.org/latest/admin_guide/manage_scc.html#grant-access-to-the-privileged-scc>
>> to the service account running the pod and set the
>> SecurityContext.Privileged field to true
>> <https://docs.openshift.org/latest/rest_api/kubernetes_v1.html#v1-securitycontext>
>> .
>>
>> Thanks!
>>
>> Paul
>>
>> On Tue, Jul 25, 2017 at 8:31 AM, Pri <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> Is there a way we can run docker images on openshift with "--privileged"
>>> mode?
>>>
>>> Something like we do while running any docker image such as:
>>>
>>> docker run --privileged <image-name> <command>
>>>
>>>
>>> I tried editing privileged scc but that doesn't work for me. Could you
>>> please help if it's possible?
>>>
>>> Thanks,
>>> Priy
>>>
>>> _______________________________________________
>>> dev mailing list
>>> [email protected]
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>
>>>
>>
>
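
The two requirements discussed in this thread (the SCC grant to the pod's service account, and privileged set in the container's SecurityContext) can be checked together. The following is an added example, not code from the thread or from OpenShift; the project name "myproject", the function names, and the pod and SCC objects are constructed for illustration.

```python
# Added example: sample objects below are constructed, not taken from the thread.

def sa_username(project, pod):
    """User name the SCC must list for this pod's service account."""
    # "default" is used when the pod spec names no service account.
    sa = pod["spec"].get("serviceAccountName", "default")
    return f"system:serviceaccount:{project}:{sa}"

def check_privileged(project, pod, scc):
    """Return one finding per container that asks for privileged mode."""
    user = sa_username(project, pod)
    # Service accounts are also members of these two groups.
    sa_groups = {"system:serviceaccounts", f"system:serviceaccounts:{project}"}
    granted = user in (scc.get("users") or []) or bool(
        sa_groups & set(scc.get("groups") or []))
    findings = []
    for c in pod["spec"]["containers"]:
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            findings.append({
                "container": c["name"],
                "service_account_user": user,
                "scc_granted": granted,
                "run_as_user": sc.get("runAsUser"),  # None: image's UID is used
            })
    return findings

# Constructed pod: securityContext sits on the container, inside the pod spec.
POD = {
    "kind": "Pod",
    "metadata": {"name": "priv-demo"},
    "spec": {
        "containers": [
            {"name": "tool", "image": "example/image:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "example/sidecar:latest"},
        ]
    },
}

# Constructed SCC user lists, before and after
# `oc adm policy add-scc-to-user privileged -z default` in project "myproject".
SCC_BEFORE = {"users": ["system:serviceaccount:otherproject:builder"]}
SCC_AFTER = {"users": SCC_BEFORE["users"] + ["system:serviceaccount:myproject:default"]}

if __name__ == "__main__":
    for scc in (SCC_BEFORE, SCC_AFTER):
        print(check_privileged("myproject", POD, scc))
```

A finding with scc_granted set to False marks a pod that requests privileged mode without the matching grant to its service account.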