I'm trying to access CIFS mounts from my OpenShift pods using Origin 3.7 on
CentOS 7.  Here's my setup:

1.  FreeIPA deployed with domain trust to AD (ENT2K12.DOMAIN.COM)
2.  Node is member of FreeIPA domain
3.  On Node:
  a.  Keytab generated
  b.  CIFS share mounted as AD user using uid from IPA:
      mount -t cifs -o,sec=krb5,version=3.0,uid=160811903,gid=0 // /mount/local-storage/cifs/mmosley
  c.  marked /mount/local-storage/cifs/mmosley as owned by

4.  In OpenShift:
  a.  Enabled hostPath
  b.  Set runAsUser to runAsAny

5.  In my pod added:

    runAsUser: 160811903

    - name: ext
      hostPath:
        path: /mnt/local-storage/cifs/mmosley
        type: Directory

Once my pod is running, I double-check the id:

sh-4.2$ id
uid=160811903 gid=0(root) groups=0(root),1000110000

But when I try to access the mount I get permission denied:
drwxrwxrwx.   2 160811903 root   0 Apr 10 13:58 ext

rsh-4.2$ ls /ext/
ls: cannot open directory /ext/: Permission denied

Here's something interesting: if I unmount the volume I'm able to
read/write files and files have the correct ownership.

There's nothing in the SELinux audit log.

Any help would be greatly appreciated.
