Cronjob with 'privileged' scc permissions gets permission denied error on hostPath directory.
Issue
A customer created a CronJob object whose pods attempt to write files directly to the OpenShift host, and the writes fail.
The "privileged" SCC was added to the service account:
$ oc adm policy add-scc-to-user privileged system:serviceaccount:container-service:default
The cronjob runs with the 'privileged' SCC. The pod attempts to write to /var/log/container-service and gets the following error:
cannot open directory '/var/log/container-service': Permission denied
The customer sees the following from a terminal within the pod:
$ whoami
root
$ ls -l /var/log
...
drwxrwx---. 2 root group1 6 May 17 15:31 container-service
...
$ ls -l /var/log/container-service
ls: cannot open directory '/var/log/container-service': Permission denied
And this on the host:
$ ls -la /var/log/container-service/
total 4
drwxrwx---. 2 root group2 6 May 17 11:31 .
drwxr-xr-x. 20 root root 4096 May 12 03:38 ..
Environment
Red Hat OpenShift Container Platform
- 3.11