-
Bug
-
Resolution: Done
-
Major
-
4.11.z
-
None
-
OCPNODE Sprint 230 (Blue), OCPNODE Sprint 231 (Blue), OCPNODE Sprint 232 (Blue)
-
3
-
Rejected
-
False
-
Description of problem:
After some discussion on #forum-node, I learned there should be a unshare.json secomp profiles ship with cri-o, and thus available on nodes. Looking into a worker node (oc debug …), it turns out there is nothing in /var/lib/kubelet/seccomp/profiles. Doing a `rpm -ql cri-o` clearly shows it should be there though. sh-4.4# rpm -ql cri-o # […] /var/lib/kubelet/seccomp/profiles /var/lib/kubelet/seccomp/profiles/unshare.json sh-4.4# ls -la /var/lib/kubelet/seccomp/profiles/unshare.json ls: cannot access '/var/lib/kubelet/seccomp/profiles/unshare.json': No such file or directory
Version-Release number of selected component (if applicable):
How reproducible:
So far all the node in our cluster (4.11) do not have the file
Steps to Reproduce:
1. oc debug {node} 2. chroot /host 3. ls -la /var/lib/kubelet/seccomp/profiles/unshare.json (not found)
Actual results:
ls: cannot access '/var/lib/kubelet/seccomp/profiles/unshare.json': No such file or directory
Expected results:
A /var/lib/kubelet/seccomp/profiles/unshare.json so that it could be used
Additional info:
- clones
-
OCPBUGS-3391 seccomp profile unshare.json missing from nodes
- Closed