OpenShift Bugs / OCPBUGS-76952

Incorrect specification of UID ranges in nested-container SCC

    • Bug
    • Resolution: Unresolved
    • 4.22.0
    • 4.20.z, 4.21.z, 4.22
    • kube-apiserver
    • False
    • Important
    • Proposed

      Description of problem:

      The nested-container SCC has an incorrect specification of UID ranges, which is why they are completely missing on clusters. What it currently is on OCP 4.20+:
      
      runAsUser:
        type: MustRunAsRange
        ranges:
        - min: 0
          max: 65534
      
      What it should be:
      
      runAsUser:
        type: MustRunAsRange
        uidRangeMin: 0
        uidRangeMax: 65534

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      Always

      Steps to Reproduce:

      1. oc get scc nested-container -o yaml
      
      [...]
      runAsUser:
        type: MustRunAsRange
      seLinuxContext:
        seLinuxOptions:
      [...]

      Actual results:

      [...]
      runAsUser:
        type: MustRunAsRange
      seLinuxContext:
        seLinuxOptions:
      [...]

      Expected results:

      [...]
      runAsUser:
        type: MustRunAsRange
        uidRangeMin: 0
        uidRangeMax: 65534
      seLinuxContext:
        seLinuxOptions:
      [...]

       

      Additional info:

          

              pehunt@redhat.com Peter Hunt
              rh-ee-baffolte Benjamin Affolter
              Ke Wang Ke Wang
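
The following check is an added example, not part of the report and not code from the OpenShift project. It audits the runAsUser stanza of an SCC, given as parsed JSON such as `oc get scc nested-container -o json` prints, against the bounds in the report's expected results. The function names, the `EXPECTED_RANGES` table and the sample objects are constructed for illustration.

```python
import json

# runAsUser fields defined by the SCC API (security.openshift.io/v1).
KNOWN_FIELDS = {"type", "uid", "uidRangeMin", "uidRangeMax"}
# Expected explicit bounds per SCC, taken from the report's "Expected results".
EXPECTED_RANGES = {"nested-container": (0, 65534)}

def check_scc(scc):
    """Return findings for the runAsUser stanza of one SCC given as a dict."""
    name = scc.get("metadata", {}).get("name", "<unnamed>")
    strategy = scc.get("runAsUser") or {}
    findings = []
    unknown = sorted(set(strategy) - KNOWN_FIELDS)
    if unknown:  # seen in the specification only; per the report the cluster object lacks them
        findings.append(f"{name}: unrecognized runAsUser field(s): {', '.join(unknown)}")
    if name in EXPECTED_RANGES:
        got = (strategy.get("uidRangeMin"), strategy.get("uidRangeMax"))
        if got != EXPECTED_RANGES[name]:
            findings.append(f"{name}: UID range is {got}, expected {EXPECTED_RANGES[name]}")
    return findings

def audit(doc):
    """Accept one SCC or a List object such as `oc get scc -o json` prints."""
    return [f for scc in doc.get("items", [doc]) for f in check_scc(scc)]

# Constructed samples mirroring the three runAsUser stanzas quoted in the report.
def _scc(run_as_user):
    return {"kind": "SecurityContextConstraints",
            "metadata": {"name": "nested-container"}, "runAsUser": run_as_user}

AS_SPECIFIED = _scc({"type": "MustRunAsRange", "ranges": [{"min": 0, "max": 65534}]})
ON_CLUSTER = _scc({"type": "MustRunAsRange"})
CORRECTED = _scc({"type": "MustRunAsRange", "uidRangeMin": 0, "uidRangeMax": 65534})

if __name__ == "__main__":
    for label, doc in [("as specified", AS_SPECIFIED), ("on cluster", ON_CLUSTER),
                       ("corrected", CORRECTED)]:
        print(label, json.dumps(audit(doc), indent=2))
```
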