2018-06-20 8:22 GMT+02:00 Daniel Comnea <[email protected]>: > Thanks Slava for reply. > > For everyone benefit (in case others come across the same issue) it was > all down to my custom scc *priority* which was *null*. Once i set it to a > value higher than 0 ( default 'restricted' scc has 0) then everything > works as expected. >
If it's possible, it's better to modify a pod manifest to explicitly request everything that it expects to have. If your custom SCC was beaten by the "restricted" SCC, it means that for the system these SCCs were recognized as covering everything a pod needs to have. If a pod needs something that the "restricted" SCC doesn't provide, this pod should request for it and "restricted" SCC won't be selected at all because it doesn't fulfill the request. While an approach with priority field works, it could stop working when a user will be granted access to yet another SCC with a higher priority (for example, "anyuid"). HTH -- Slava Semushin | OpenShift
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
