Tuesday, October 15, 2019

Joy of OpenShift SCC

If you run

oc describe project

you will see 2 annotations:


Even if you specify "USER 10001" in your Dockerfile, your actual uid will be remapped within the range specified by those 2 annotations. The second parameter, "/10000", is the block length, meaning that you can have 10000 different users starting from uid 1000800000:

sh-4.2$ id
uid=1000800000(root) gid=0(root) groups=0(root),1000800000
sh-4.2$ id root
uid=0(root) gid=0(root) groups=0(root)

In order for this new user to be a first-class citizen in your Linux, you must run a uid_entrypoint script to append it to /etc/passwd.
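A sketch of what such a uid_entrypoint script can look like, added here as an example and not taken from the original post. The function names and the PASSWD_FILE and USER_NAME variables are assumptions; it also assumes the image left /etc/passwd writable for the running uid. The range check goes slightly beyond the text to show how the "start/length" value is read.

```shell
#!/bin/sh
# Added example, not the original post's script. Function names, PASSWD_FILE
# and USER_NAME are assumptions made for illustration.

# Return 0 if uid $1 lies inside a "<start>/<length>" block ($2),
# e.g. 1000800000/10000 covers 1000800000 through 1000809999.
uid_in_range() {
    uid=$1
    start=${2%/*}
    length=${2#*/}
    [ "$uid" -ge "$start" ] && [ "$uid" -lt $((start + length)) ]
}

# Return 0 if passwd-format file $1 already has an entry for uid $2.
has_passwd_entry() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# Append "name:x:uid:0:..." to file $1 unless the uid is already listed.
# Fails (returns 1) if the file is not writable by the current user.
ensure_passwd_entry() {
    file=$1 uid=$2 name=$3 home=$4
    has_passwd_entry "$file" "$uid" && return 0
    [ -w "$file" ] || return 1
    printf '%s:x:%s:0:%s user:%s:/sbin/nologin\n' \
        "$name" "$uid" "$name" "$home" >> "$file"
}

# Entrypoint behaviour: only when a command to run was passed as arguments.
if [ "$#" -gt 0 ]; then
    ensure_passwd_entry "${PASSWD_FILE:-/etc/passwd}" "$(id -u)" \
        "${USER_NAME:-default}" "${HOME:-/}" ||
        echo "uid_entrypoint: could not add uid $(id -u) to passwd" >&2
    exec "$@"
fi
```

The entry uses gid 0, matching the `gid=0(root)` that `id` reports above for the remapped uid.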

for more details:



