https://bugzilla.redhat.com/show_bug.cgi?id=1272146
Jan Chaloupka <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution|--- |NOTABUG Last Closed| |2016-06-23 10:21:49 --- Comment #6 from Jan Chaloupka <[email protected]> --- As mentioned in [1], the solution is to use pod-level SecurityContext: apiVersion: v1 kind: Pod metadata: name: test-pod spec: containers: - name: test image: busybox volumeMounts: - name: "test-volume" mountPath: "/test" readOnly: true command: - "sh" - "-c" - | ls -l /test/test-data cat /test/test-data securityContext: seLinuxOptions: level: "s0:c123,c456" volumes: - name: "test-volume" secret: secretName: "test-secret" SecurityContextDeny must be removed from /etc/kubernetes/apiserver to enable the SecurityContext. More about it [2], [3]. [1] https://github.com/projectatomic/adb-atomic-developer-bundle/issues/117#issuecomment-215313573 [2] http://kubernetes.io/docs/admin/admission-controllers/#securitycontextdeny [3] http://kubernetes.io/docs/user-guide/security-context/ -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ golang mailing list [email protected] https://lists.fedoraproject.org/admin/lists/[email protected]
