By default OpenShift will run you as a high UID (not a non-root user).
You can add the service account to the "nonroot" security context to
get the ability to run as the couchdb user (although if the container
doesn't set the USER directive you will still get assigned a UID):

    oadm policy add-scc-to-user nonroot -z default

You may have to edit the pod template in the DC to set an explicit
user (whatever the UID for couchdb is under
container.securityContext.runAsUser=UID).

On Mon, Feb 15, 2016 at 6:34 AM, Candide Kemmler
<[email protected]> wrote:
> I get a bunch of "Operation not permitted" errors as I am trying to deploy a
> docker container from docker.io:
>
> chown: changing ownership of '/usr/local/var/lib/couchdb/lost+found': Operation not permitted
> chown: changing ownership of '/usr/local/var/lib/couchdb': Operation not permitted
> chown: changing ownership of '/usr/local/var/log/couchdb': Operation not permitted
> chown: changing ownership of '/usr/local/var/run/couchdb': Operation not permitted
> chown: changing ownership of '/usr/local/etc/couchdb/default.ini': Operation not permitted
> chown: changing ownership of '/usr/local/etc/couchdb/local.d': Operation not permitted
> chown: changing ownership of '/usr/local/etc/couchdb/local.ini': Operation not permitted
> chown: changing ownership of '/usr/local/etc/couchdb/default.d': Operation not permitted
> chown: changing ownership of '/usr/local/etc/couchdb': Operation not permitted
>
> The Dockerfile indeed has instructions to change the permissions inside of
> the container:
>
> [...]
>
> && chown -R couchdb:couchdb \
> /usr/local/lib/couchdb /usr/local/etc/couchdb \
> /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
> && chmod -R g+rw \
> /usr/local/lib/couchdb /usr/local/etc/couchdb \
> /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
>
> [...]
>
> Note that selinux is disabled on my cluster's machines.
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
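
An added example, not part of the original messages or of the CouchDB image: a startup guard that changes ownership only when the container really runs as root, and otherwise checks that the directories are writable for the UID it was given instead of failing on `chown`. The function name `prepare_dirs` and the demo argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical entrypoint helper, not from the CouchDB image).

# prepare_dirs OWNER DIR...
# As root: chown each DIR to OWNER.
# As any other UID (what OpenShift assigns by default): skip chown, which
# would fail with "Operation not permitted", and verify instead that the
# directory is already writable for the current UID.
# Returns 0 when every DIR is usable, 1 otherwise.
prepare_dirs() {
    owner="$1"; shift
    rc=0
    for d in "$@"; do
        if [ "$(id -u)" -eq 0 ]; then
            chown -R "$owner" "$d" 2>/dev/null || {
                echo "chown failed: $d" >&2
                rc=1
            }
        elif [ ! -w "$d" ]; then
            echo "uid $(id -u) cannot write: $d" >&2
            rc=1
        fi
    done
    return $rc
}

# In an image this would be called with the paths from the quoted errors, e.g.
#   prepare_dirs couchdb:couchdb /usr/local/var/lib/couchdb /usr/local/var/log/couchdb

# Constructed demo: exercise the guard on a scratch directory.
if [ "${1:-}" = "demo" ]; then
    scratch="$(mktemp -d)"
    prepare_dirs "$(id -u):$(id -g)" "$scratch" && echo "ok: $scratch"
    rm -rf "$scratch"
fi
```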
