Privileged containers are not allowed

Solution Unverified - Updated -


  • Got the error messages at Events section when building up pods through DaemonSet.
# oc describe ds


  FirstSeen     LastSeen        Count   From            SubObjectPath   Type            Reason          Message
  ---------     --------        -----   ----            -------------   --------        ------          -------
  2h            6m              51      daemon-set                      Warning         FailedCreate    Error creating: pods "logging-apps-" is forbidden: unable to validate against any security context constraint: [spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used provider restricted: .spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]
  • Definition of the DaemonSet is as follows.
oc get ds -o yaml
apiVersion: v1
- apiVersion: extensions/v1beta1
  kind: DaemonSet
    ... snip ...
        - env:
        ... snip ...
            privileged: true
        ... snip ...
        serviceAccount: sa-logging-apps
        serviceAccountName: sa-logging-apps
  • There is a service account in the project running the DaemonSet deployment.
# oc get sa
NAME                  SECRETS   AGE
builder               2         2h
default               2         2h
deployer              2         2h
logging-apps          2         2h
  • logging-apps service account has the privileged permission.
# oc describe scc privileged

Name:                       privileged
Priority:                   <none>
  Users:                    system:serviceaccount:openshift-infra:build-controller,system:serviceaccount:management-infra:management-admin,system:serviceaccount:management-infra:inspector-admin,system:serviceaccounts:logging-apps:logging-apps
  Groups:                   system:cluster-admins,system:nodes,system:masters


  • OpenShift Container Platform
    • 3.7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content