CronJob with 'privileged' SCC permissions gets a permission denied error on a hostPath directory

Solution Verified - Updated -

Issue

The customer created a CronJob object whose pods attempt to write files directly to the OpenShift host, and the writes fail.

The "privileged" SCC was added to the service account:

$ oc adm policy add-scc-to-user privileged system:serviceaccount:container-service:default

The CronJob runs with the 'privileged' SCC. The pod attempts to write to /var/log/container-service and gets the following error:

cannot open directory '/var/log/container-service': Permission denied

The customer sees the following from a terminal within the pod:

$ whoami
root

$ ls -l /var/log
...
drwxrwx---. 2 root group1      6 May 17 15:31 container-service
...

$ ls -l /var/log/container-service
ls: cannot open directory '/var/log/container-service': Permission denied

And this on the host:

$ ls -la /var/log/container-service/
total 4
drwxrwx---.  2 root group2    6 May 17 11:31 .
drwxr-xr-x. 20 root root   4096 May 12 03:38 ..

Environment

Red Hat OpenShift Container Platform
- 3.11
