It's not the case here. To use the "nonroot" SCC, a pod has to explicitly
request the user it needs to run as:
    spec:
      containers:
      - name: non-root-container
        image: non-root-cmd:latest
        securityContext:
          runAsUser: 500
Without this request, the "restricted" SCC will always be applied because
it's stricter.
Additional information about sorting:
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#scc-prioritization
2017-09-13 19:09 GMT+02:00 Clayton Coleman <[email protected]>:
> One more thing - numeric uids must be used in a Dockerfile if you want
> to use nonroot SCC. OpenShift can't trust string users. Setting a
> numeric id is always recommended.
>
> > On Sep 13, 2017, at 11:33 AM, Marcello Lorenzi <[email protected]> wrote:
> >
> > Hi All,
> > we have created some images with commands executed by user jboss and its
> > user id is fixed to 500 in the Dockerfile. If we start the image on
> > Origin the image fails with permission denied. We discovered that Origin
> > uses a random uid assignment during the image creation, but is it possible
> > to fix the user id for a specific user like jboss for all the containers?
>
--
Slava Semushin | OpenShift
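
The selection behaviour described in this reply, as an added example that is not part of the original message and not OpenShift's own code: a simplified Python model of SCC ordering and runAsUser validation. The strictness ranks, the UID range and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class SCC:
    name: str
    strategy: str        # runAsUser strategy: "MustRunAsRange" or "MustRunAsNonRoot"
    strictness: int      # assumption: hand-assigned rank, higher = more restrictive
    priority: int = 0    # an unset priority counts as 0

# Constructed UID range standing in for the range allocated to the project.
NS_UID_RANGE = (1000000000, 1000009999)
RESTRICTED = SCC("restricted", "MustRunAsRange", strictness=2)
NONROOT = SCC("nonroot", "MustRunAsNonRoot", strictness=1)

def order(sccs: List[SCC]) -> List[SCC]:
    """Highest priority first, then most restrictive, then by name."""
    return sorted(sccs, key=lambda s: (-s.priority, -s.strictness, s.name))

def validate(scc: SCC, run_as_user: Optional[int]) -> Tuple[bool, Optional[int]]:
    """Return (accepted, effective UID) for one SCC."""
    if scc.strategy == "MustRunAsRange":
        lo, hi = NS_UID_RANGE
        if run_as_user is None:
            return True, lo          # no request: UID is defaulted from the range
        return lo <= run_as_user <= hi, run_as_user
    if scc.strategy == "MustRunAsNonRoot":
        # No UID requested: the pod is admitted and the UID is left to the image's USER.
        return run_as_user != 0, run_as_user
    return False, None

def admit(run_as_user: Optional[int], sccs: List[SCC]) -> Tuple[Optional[str], Optional[int]]:
    """The first SCC in sorted order that accepts the pod is the one applied."""
    for scc in order(sccs):
        ok, uid = validate(scc, run_as_user)
        if ok:
            return scc.name, uid
    return None, None

def image_user_verifiable(image_user: str) -> bool:
    """Without runAsUser, only a numeric, non-zero image USER can be verified as non-root."""
    return image_user.isdigit() and int(image_user) != 0

if __name__ == "__main__":
    both = [NONROOT, RESTRICTED]
    print(admit(None, both))   # no runAsUser in the pod spec
    print(admit(500, both))    # runAsUser: 500, as in the pod spec above
```
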