Thanks, Clayton. This fixed the issue. I appreciate the quick response. On Wednesday, March 9, 2016, Clayton Coleman <[email protected]> wrote:
> Have you done "oadm policy reconcile-sccs"? We released 1.1.3 with > anyuid not having the SETGID and SETUID caps accidentally, and thus > broke this scenario. 1.1.4 will have the change, you can edit your > anyuid scc and remove the drop of set(u|g)id caps > > On Wed, Mar 9, 2016 at 4:44 PM, Robert Wehner > <[email protected] <javascript:;>> wrote: > > I'm trying to get the official ngnix container running on Origin > > (v1.1.2-1-gbe558b1). The container tries to drop the nginx worker > process to > > run as the 'nginx' user. > > > > The logs just give this error: > > > > $ oc logs base-nginx-web-vco0b -c nginx > > 2016/03/09 21:18:15 [emerg] 5#5: setgid(107) failed (1: Operation not > > permitted) > > 2016/03/09 21:18:15 [alert] 1#1: worker process 5 exited with fatal code > 2 > > and cannot be respawned > > > > I don't understand the SCC well enough (apparently), but after reading > > https://docs.openshift.org/latest/admin_guide/manage_scc.html I felt > like > > running 'oc edit scc anyuid' and adding the 'default' service account > for my > > project to the 'users' section was the correct fix. But after doing that > and > > deleting/restarting the pod, I still get the same error. > > > > This same pod runs OK in a plain Kubernetes cluster, so I'm pretty sure > the > > actual RC/Pod definitions are correct. > > > > Thanks for any pointers, > > > > -- > > Robert Wehner > > > > > > _______________________________________________ > > users mailing list > > [email protected] <javascript:;> > > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > -- -- Robert Wehner Return Path
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
