If you're creating a deployment config you need to give the SCC to the service account, not the user. If you create a pod directly via the API, then your user has to have the permission to the SCC. If you did that, double check that the created pods have an annotation that says they were created under the nonroot scc
On Sep 13, 2017, at 12:00 PM, Marcello Lorenzi <[email protected]> wrote: Hi Clayton I have into docker image this commands: && groupadd $APPLICATION_USER \ && useradd -g $APPLICATION_USER -m -d /home/$APPLICATION_USER -s /bin/bash -c 'Application user' $APPLICATION_USER \ && chown -R $APPLICATION_USER:$APPLICATION_USER $TOMCAT_PATH \ && chgrp -R 0 $TOMCAT_PATH \ EXPOSE $TOMCAT_HTTP_PORT USER $APPLICATION_USER On Origin configuration I added the user admin to nonroot SCC. oadm policy add-scc-to-user nonroot admin After this I execute the container but i received an entrypoint permission denied. Marcello On Wed, Sep 13, 2017 at 5:42 PM, Clayton Coleman <[email protected]> wrote: > You would define that in your pod spec, or give the service accounts > in your namespace access to the "nonroot" SCC. > > > On Sep 13, 2017, at 11:33 AM, Marcello Lorenzi <[email protected]> > wrote: > > > > HI All, > > we have created some images with commands executed by user jboss and its > user id is fixed to 500 into the docker file. If we start the image on > Origin the image fails for the permission denied. We discovered that Origin > use a random uid assignment during the image creation, but is it possible > to fix the user id for a specific user like jboss for all the container? > > > > Thanks, > > Marcello > > _______________________________________________ > > users mailing list > > [email protected] > > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
