Bug 1260943

Summary: Openshift master daemon runs as root
Product: OpenShift Container Platform Reporter: Jaspreet Kaur <jkaur>
Component: RFEAssignee: Scott Dodson <sdodson>
Status: CLOSED WONTFIX QA Contact: Xiaoli Tian <xtian>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0.0CC: aos-bugs, asogukpi, bleanhar, dmcphers, erich, javier.ramirez, jokerman, mbarrett, mluther, mmccomas, mnozell, myllynen, pep, sdodson, sjr
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-12 15:20:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1267746    

Description Jaspreet Kaur 2015-09-08 09:32:57 UTC 
Description of problem:

Openshift master daemon runs as root. The master should not have to run as root though the node have to.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install Openshift Enterprise 3.
2. Below is the process that shows master is running as root :

ps -aux |grep openshift

root      46947 10.6  5.2 1337348 419220 ?      Ssl  ago13 2883:29 /usr/bin/openshift start master --config=/etc/openshift/master/master-config.yaml --loglevel=3

Actual results:

Master is seen running as root.


Expected results:

master should not have to run as root.

Additional info:
Comment 7 Scott Dodson 2016-01-27 20:09:17 UTC 
uid/gid soft allocation requested https://fedorahosted.org/fpc/ticket/594 based on https://fedoraproject.org/wiki/Packaging:UsersAndGroups?rd=Packaging/UsersAndGroups#Soft_static_allocation
Comment 13 Dan McPherson 2017-03-08 15:21:41 UTC 
*** Bug 1430398 has been marked as a duplicate of this bug. ***
Comment 18 Scott Dodson 2018-04-12 15:20:58 UTC 
We're moving control plane components to run as static pods managed on the cluster, once that work is complete we'll look at tightening restrictions on the control plane pods as much as possible.