-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.12.z
Description of problem:
whoami command fails in openshift 4.12 pod
Version-Release number of selected component (if applicable):
4.12
How reproducible:
deploy a pod with given steps
Steps to Reproduce:
1. Create a new project
2. # pod with this image does NOT print uid successfully
apiVersion: v1
kind: Pod
metadata:
name: testsshiso
namespace: jmorenas-dev
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: testssh
image: registry.redhat.io/ansible-automation-platform-23/ee-minimal-rhel8:1.0.0-274
command: ["whoami"]
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
3. Then check the logs for the newly spawned pods, and you will see it does not returns the uid.
4 whereas, if you use another image like registry.access.redhat.com/ubi9/ubi it will return UID.
Actual results:
registry.redhat.io/ansible-automation-platform-23/ee-minimal-rhel8:1.0.0-274 not returning userid in /etc/passwd
Expected results:
registry.redhat.io/ansible-automation-platform-23/ee-minimal-rhel8:1.0.0-274 should return userid in /etc/passwd as its permission is differ from other images (correct one is 644, but its permission is 664)
Additional info:
The permissions on the "/etc/passwd" files differ on both images. The AAP image has 664 whereas the UBI image has 644. AAP pod: sh-4.4$ ls -l /etc/passwd; -rw-rw-r--. 1 root root 533 Mar 7 00:15 /etc/passwdubi9 pod: sh-5.1$ ls -l /etc/passwd; -rw-r--r--. 1 root root 837 Jul 6 10:57 /etc/passwd
- links to