Description of problem:
Upgrading OCP from 4.11 to 4.12 with Datadog installed is stuck due to SCC. The SCC contains:
~~~
seLinuxContext:
  seLinuxOptions:
    level: s0
    role: system_r
    type: spc_t
    user: system_u
  type: MustRunAs
~~~
And the error shown is:
~~~
deployment openshift-operator-lifecycle-manager/package-server-manager has a replica failure FailedCreate: pods "package-server-manager-12a3b4cd5e-1x2y3" is forbidden: violates PodSecurity "restricted:v1.24": seLinuxOptions (pod set forbidden securityContext.seLinuxOptions: type "spc_t"; user may not be set; role may not be set)
~~~
Version-Release number of selected component (if applicable):
4.11
How reproducible:
Upgrading a 4.11 cluster with Datadog installed. The SCC contains:
~~~
seLinuxContext:
  seLinuxOptions:
    level: s0
    role: system_r
    type: spc_t
    user: system_u
  type: MustRunAs
~~~
Steps to Reproduce:
1. Upgrade a 4.11 cluster to 4.12 with Datadog installed, or with an SCC with the above `seLinuxOptions`
Actual results:
Upgrade is stuck.
Expected results:
The Datadog SCC (or customer's custom SCCs) should not affect cluster upgrades.
Additional info:
Related KCS [1] [2].
[1] https://access.redhat.com/solutions/7027371
[2] https://access.redhat.com/solutions/7023939
- blocks: OCPBUGS-27891 package-server-manager forbidden securityContext.seLinuxOptions: type "spc_t" (Closed)
- clones: OCPBUGS-20347 package-server-manager forbidden securityContext.seLinuxOptions: type "spc_t" (Closed)
- depends on: OCPBUGS-20347 package-server-manager forbidden securityContext.seLinuxOptions: type "spc_t" (Closed)
- is cloned by: OCPBUGS-27891 package-server-manager forbidden securityContext.seLinuxOptions: type "spc_t" (Closed)
- links to: RHBA-2024:0642 OpenShift Container Platform 4.14.z bug fix update
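A pre-upgrade check for the condition in this report, as an added example that is not part of the original bug report or of any Red Hat tooling: it reads SCCs in the shape of `oc get scc -o json` and flags those whose `MustRunAs` `seLinuxOptions` carry values that the quoted PodSecurity message rejects. The allowed-type set is an assumption taken from the upstream Pod Security Standards, and the SCC names and sample data are constructed.

```python
import json

# Assumption: seLinuxOptions.type values accepted by the upstream Pod Security
# Standards at the v1.24 level; user and role must be unset, level is free.
ALLOWED_TYPES = {"", "container_t", "container_init_t", "container_kvm_t"}

def selinux_violations(opts):
    """Return PodSecurity-style findings for one seLinuxOptions mapping."""
    opts = opts or {}
    findings = []
    selinux_type = opts.get("type") or ""
    if selinux_type not in ALLOWED_TYPES:
        findings.append('type "%s"' % selinux_type)
    if opts.get("user"):
        findings.append("user may not be set")
    if opts.get("role"):
        findings.append("role may not be set")
    return findings

def risky_sccs(scc_list):
    """Map SCC name -> findings for SCCs that pin a forbidden SELinux context."""
    result = {}
    for scc in scc_list.get("items", []):
        ctx = scc.get("seLinuxContext") or {}
        # MustRunAs is the strategy under which the SCC's own seLinuxOptions
        # are applied to pods; RunAsAny sets nothing by itself.
        if ctx.get("type") != "MustRunAs":
            continue
        findings = selinux_violations(ctx.get("seLinuxOptions"))
        if findings:
            result[scc["metadata"]["name"]] = findings
    return result

# Constructed sample in the shape of `oc get scc -o json`; names are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-agent-scc"},
   "seLinuxContext": {"type": "MustRunAs", "seLinuxOptions":
     {"level": "s0", "role": "system_r", "type": "spc_t", "user": "system_u"}}},
  {"metadata": {"name": "example-restricted"},
   "seLinuxContext": {"type": "MustRunAs"}},
  {"metadata": {"name": "example-runasany"},
   "seLinuxContext": {"type": "RunAsAny"}}
]}
""")

if __name__ == "__main__":
    for name, findings in risky_sccs(SAMPLE).items():
        print(name + ": " + "; ".join(findings))
```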