Unable to deploy an APB with privileged security context #351
Comments
|
Initial thoughts are that an APB would specify in their spec whether or not privileged access is needed. |
|
Note that work on refreshing the ManageIQ APB is waiting on this feature. |
rthallisey
added
3.10 | release-1.2
|
@dymurray has anything changed on this? Can apbs access /root? |
|
Nothing has changed with this, still a valid issue. APBs can still not be deployed with a |
|
Could you expand on the use case for this? Why does an APB need to access files in /root/ ? Could the APB's Dockerfile make those files available elsewhere? |
jmrodri
added
feature
3.11 | release-1.3
|
@mhrivnak The intention is more that the APB can declare if it needs elevated permisisons up front so that it is launched in the proper context. I'm unsure if /root/ is a good usecase. It's more about consuming images that weren't meant to be run in the |
jmrodri
removed
the
3.10 | release-1.2
jmrodri
added
3.12 | release-1.4
jmrodri
added
unplanned
openshift-ci-robot
added
kind/bug
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
|
/close |
|
@jmrodri: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Ability to specify if an APB needs privileged security permissions as opposed to 'restricted' by default
I am unable to provision an APB which accesses files in /root/ on the container
How to reproduce it:
Create an APB and reference a container in the deployment config which requires root access to run the startup binary.
The text was updated successfully, but these errors were encountered: