Details
-
Story
-
Resolution: Won't Do
-
Undefined
-
None
-
None
-
None
-
None
-
False
-
False
Description
User Story
As a developer using OpenShift
I want to run builds in a Linux user namespace
So that my build process does not run as the root user on the host
Acceptance Criteria
- Builds are able to opt into running in a user namespace by passing the CRI-O user namespaces annotation to the build pod.
- When the user namespace annotation is passed to the build pod, the Docker build strategy succeeds.
- When the user namespace annotation is passed to the build pod, the Source build strategy succeeds.
Docs Impact
Documentation specific to running builds in user namespaces should be added.
QE Impact
Ideally the build suite in CI can be configured so user namespaces are enabled on worker nodes, and therefore the build behavior can be tested before merging.
PX Impact
Training materials may be needed to instruct customers/CEE on how to run builds with user namespaces.