On Dec 13, 2017, at 8:36 PM, Nick Bartos (nibartos) <[email protected]>
wrote:

I am unable to get a writable hostPath volume for a "privileged: false"
container, even when the container's runAsUser owns the directory on the
host.


The k8s docs say "You either need to run your process as root in a
privileged container or modify the file permissions on the host to be able
to write to a hostPath volume".  I have tried origin via openshift-ansible
release-3.6 and master branches.


I have tried more permutations than I can remember in the manifest,
granting different permissions to the service account, but no matter what,
I cannot get anything inside a container to write to the hostPath without
setting 'privileged: true' for the container.

SELinux is probably preventing you from writing to the host path.
Privileged completely bypasses those protections.  Marking the hostpath you
want to expose as visible to containers should be sufficient (exact selinux
chcon-fu escaping me at the minute).


Here is a fairly simple example:

https://gist.github.com/nbartos/36319ddea5819284d76b667c69d8916f

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
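
One way to confirm the SELinux explanation given in the reply, as an added example that is not part of the original thread: the script pulls write denials for container domains out of audit records and checks whether a directory's label is a type confined containers may write to. The audit lines are constructed sample data, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: triage an SELinux denial on a hostPath volume.

# File types the container policy lets a confined container write to.
# svirt_sandbox_file_t is the older name for container_file_t.
WRITABLE_TYPES="container_file_t svirt_sandbox_file_t"

# Constructed sample audit records (not taken from the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1513226160.101:901): avc:  denied  { write } for  pid=4121 comm="touch" name="data" dev="dm-0" ino=5678 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1513226161.202:902): avc:  denied  { write } for  pid=900 comm="httpd" name="logs" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1513226162.303:903): avc:  denied  { read } for  pid=4122 comm="cat" name="shadow" dev="dm-0" ino=99 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

# selinux_type CONTEXT -> the type field of user:role:type:level
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# hostpath_label_ok CONTEXT -> exit 0 if a confined container may write there
hostpath_label_ok() {
    case " $WRITABLE_TYPES " in
        *" $(selinux_type "$1") "*) return 0 ;;
        *) return 1 ;;
    esac
}

# denied_writes: audit records on stdin -> "comm name target_type" for each
# write denial whose source domain is a container domain.
denied_writes() {
    awk '/avc:/ && /denied/ && / write / &&
         /scontext=[^ ]*:(container_t|svirt_lxc_net_t):/ {
        comm = name = ttype = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        }
        print comm, name, ttype
    }'
}

# Demo on the constructed records: one container write denial is reported.
printf '%s\n' "$SAMPLE_AUDIT" | denied_writes
```

On a host, feed `denied_writes` the output of `ausearch -m avc -ts recent` and pass `stat -c %C <dir>` to `hostpath_label_ok`. A directory that fails the check can be relabelled with `chcon -Rt container_file_t <dir>` (`svirt_sandbox_file_t` on older policy versions).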