Have you done "oadm policy reconcile-sccs"?  We released 1.1.3 with
anyuid not having the SETGID and SETUID caps accidentally, and thus
broke this scenario.  1.1.4 will have the change; you can edit your
anyuid scc and remove the drop of set(u|g)id caps.

On Wed, Mar 9, 2016 at 4:44 PM, Robert Wehner
<[email protected]> wrote:
> I'm trying to get the official nginx container running on Origin
> (v1.1.2-1-gbe558b1). The container tries to drop the nginx worker process to
> run as the 'nginx' user.
>
> The logs just give this error:
>
> $ oc logs base-nginx-web-vco0b -c nginx
> 2016/03/09 21:18:15 [emerg] 5#5: setgid(107) failed (1: Operation not
> permitted)
> 2016/03/09 21:18:15 [alert] 1#1: worker process 5 exited with fatal code 2
> and cannot be respawned
>
> I don't understand the SCC well enough (apparently), but after reading
> https://docs.openshift.org/latest/admin_guide/manage_scc.html I felt like
> running 'oc edit scc anyuid' and adding the 'default' service account for my
> project to the 'users' section was the correct fix. But after doing that and
> deleting/restarting the pod, I still get the same error.
>
> This same pod runs OK in a plain Kubernetes cluster, so I'm pretty sure the
> actual RC/Pod definitions are correct.
>
> Thanks for any pointers,
>
> --
> Robert Wehner
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
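
An added example, not part of the thread or of OpenShift's own tooling: a check over an SCC exported as JSON that shows why listing the service account under `users` was not enough while the SCC still drops SETUID/SETGID. The sample SCC, the project name `myproject` and the function names are assumptions constructed for illustration.

```python
import copy
import json

# Capabilities nginx needs to switch its worker process to the 'nginx' user.
NEEDED = {"SETUID", "SETGID"}

# Constructed sample shaped like `oc get scc anyuid -o json` output; the
# project name "myproject" and the drop list are illustrative, not from the thread.
SAMPLE_SCC = json.loads("""
{
  "kind": "SecurityContextConstraints",
  "metadata": {"name": "anyuid"},
  "runAsUser": {"type": "RunAsAny"},
  "requiredDropCapabilities": ["MKNOD", "SYS_CHROOT", "SETUID", "SETGID"],
  "users": ["system:serviceaccount:myproject:default"]
}
""")


def blocking_drops(scc):
    """Return the dropped capabilities that make setuid()/setgid() fail."""
    drops = scc.get("requiredDropCapabilities") or []
    return sorted(NEEDED & {cap.upper() for cap in drops})


def without_blocking_drops(scc):
    """Return a copy of the SCC that no longer drops SETUID/SETGID."""
    fixed = copy.deepcopy(scc)
    drops = fixed.get("requiredDropCapabilities") or []
    fixed["requiredDropCapabilities"] = [c for c in drops if c.upper() not in NEEDED]
    return fixed


def lists_service_account(scc, namespace, name="default"):
    """Check only the SCC's 'users' list (group grants are not considered)."""
    return f"system:serviceaccount:{namespace}:{name}" in (scc.get("users") or [])


if __name__ == "__main__":
    print("service account listed:", lists_service_account(SAMPLE_SCC, "myproject"))
    print("drops blocking nginx:", blocking_drops(SAMPLE_SCC))
    print(json.dumps(without_blocking_drops(SAMPLE_SCC), indent=2))
```

The other entries in the drop list are left in place, so the SCC loses only the two drops that break the setuid/setgid call.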
