Yes, you can create an appropriate SCC without the chroot drop. I would recommend ensuring the SCC matches the use case you want to solve (having more SCC's is not a problem).
On Mon, Jan 30, 2017 at 1:02 PM, Jonathan Yu <jaw...@redhat.com> wrote: > Re-sending to users@lists.openshift.redhat.com > > On Mon, Jan 30, 2017 at 9:52 AM, Jonathan Yu <jaw...@redhat.com> wrote: > >> I'm curious: what's the benefit of chroot when you're already inside a >> container? >> >> On Mon, Jan 30, 2017 at 9:44 AM, Stéphane Klein < >> cont...@stephane-klein.info> wrote: >> >>> Hi, >>> >>> I use Postfix docker image. This image use chroot function. >>> >>> I think after OpenShift 1.2 => 1.3 upgrade, this Postfix container don't >>> working anymore. >>> >>> If I check "oc describe scc anyuid" I see: >>> >>> Required Drop Capabilities: MKNOD,SYS_CHROOT >>> Why chroot capabilities is dropped now? Can I create a new scc with >>> chroot capability? >>> >>> Best regards, >>> Stéphane >>> -- >>> Stéphane Klein <cont...@stephane-klein.info> >>> blog: http://stephane-klein.info >>> cv : http://cv.stephane-klein.info >>> Twitter: http://twitter.com/klein_stephane >>> >>> _______________________________________________ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >>> >> >> >> -- >> Jonathan Yu / Software Engineer, OpenShift by Red Hat / 140-character >> rants 'n raves <https://twitter.com/jawnsy> >> >> *“Ever tried. Ever failed. No matter. Try again. Fail again. Fail >> better.”* — Samuel Beckett >> > > > > -- > Jonathan Yu / Software Engineer, OpenShift by Red Hat / 140-character > rants 'n raves <https://twitter.com/jawnsy> > > *“Ever tried. Ever failed. No matter. Try again. Fail again. Fail better.”* > — Samuel Beckett > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users