Containers created with cri-o allow non-privileged user to modify filesystem inside containers on OpenShift Container Platform.

Solution Verified - Updated -


  • OCP3.9 installed with cri-o runtime allows non-root users to modify filesystem inside containers. i.e non-root user can wipe entire filesystem of container. OCP with docker do not allow non-root user to alter container filesystem.


  • OpenShift Container Platform 3.9
  • CRI-O

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In