OpenShifters,

I'm trying to access CIFS mounts from my OpenShift pods using Origin 3.7 on
CentOS 7.  Here's my setup:

1.  FreeIPA deployed with domain trust to AD (ENT2K12.DOMAIN.COM)
2.  Node is member of FreeIPA domain
3.  On Node:
  a.  Keytab generated
  b.  CIFS share mounted as AD user using uid from IPA:
      mount -t cifs -o username=mmos...@ent2k12.domain.com,sec=krb5,version=3.0,uid=160811903,gid=0 //adfs.ent2k12.domain.com/mmosley-share /mount/local-storage/cifs/mmosley
  c.  Marked /mount/local-storage/cifs/mmosley as owned by
mmos...@ent2k12.domain.com/root

4.  In OpenShift:
  a.  Enabled hostPath
  b.  Set runAsUser to runAsAny

5.  In my pod added:

securityContext:
    runAsUser: 160811903

And
volumes:
    - name: ext
      hostPath:
        path: /mnt/local-storage/cifs/mmosley
        type: Directory

Once my pod is running, I double-check the id:

sh-4.2$ id
uid=160811903 gid=0(root) groups=0(root),1000110000
sh-4.2$

But when I try to access the mount, I get permission denied:
drwxrwxrwx.   2 160811903 root   0 Apr 10 13:58 ext

rsh-4.2$ ls /ext/
ls: cannot open directory /ext/: Permission denied

Here's something interesting: if I unmount the volume, I'm able to
read/write files and files have the correct ownership.

There's nothing in the selinux audit log.

Any help would be greatly appreciated.

Thanks
Marc
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
