I was thinking below are the right steps as per my knowledge

1. Create a service account

2. Grant anyuid SCC to this service account

3. And add service account details to dc object

I might be wrong, but the above steps are what I have in mind. I would also like to get clarity 
on this topic: what is the right approach to run a container using anyuid?

Srinivas Kotaru

From: <users-boun...@lists.openshift.redhat.com> on behalf of Ben Parees 
Date: Thursday, December 1, 2016 at 1:37 PM
To: Akshaya Khare <khare...@husky.neu.edu>, Jordan Liggitt <jligg...@redhat.com>
Cc: users <users@lists.openshift.redhat.com>
Subject: Re: oc new-app with root privileges

On Thu, Dec 1, 2016 at 4:18 PM, Akshaya Khare <khare...@husky.neu.edu> wrote:

I created my own image which can use s2i to use git urls for my internal 

The image has been created such that the systemd services will be working, and 
in order to do that the image had to be created with root user.

Now the container spawned from this image only works properly if I spawn it with 
the below command:

docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d my-image-name

The container works fine.

Unfortunately, whenever I try to create the container from the openshift ui, it 
creates the pod successfully but it doesn't have access to run it since it 
doesn't run it as a root user.

I tried to provide this command:

oadm policy add-scc-to-user anyuid -z project-name

But still the pod is created without the root user.

Is there any way to run the pod with root user via both cli or ui?

assuming your built image defaults to running as root, then adding the anyuid scc 
should be all you need to do for the image to run as that user, as far as i 


Thanks & Regards,
Akshaya Khare

Ben Parees | OpenShift