Description of problem:
This is a regression of bug 1255022. Remote shell and exec are allowed on privileged pods.

Version-Release number of selected component (if applicable):
openshift v3.0.2.902
kubernetes v1.2.0-alpha.1-1107-g4c8e6f4
etcd 2.1.2

How reproducible:
Always

Steps to Reproduce:
1. Edit scc to allow privileged pods
2. oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/storage/nfs/nfs-server.yaml
3. oc rsh nfs-server
4. oc exec nfs-server ls

Actual results:
Steps 3 and 4 are both successful

Expected results:
Steps 3 and 4 should fail because the container is privileged

Additional info:
This was changed in https://github.com/openshift/origin/pull/4755 to allow someone who has permissions to create the pod to exec into it. If, by SCC permissions, you could create the pod you're trying to reach, you are allowed to use it. This has replaced the blanket denial: https://github.com/openshift/origin/pull/4755/files#diff-05523003a782d7b3b61c2608a29dfb39
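A simplified model of the two policies discussed in this report, added here as an illustration and not taken from the OpenShift source. The types, function names and the users alice and bob are hypothetical, and real SCC admission evaluates far more than the privileged flag.

```go
package main

import "fmt"

// SCC is a simplified stand-in for a SecurityContextConstraints object;
// only the privileged flag and the list of allowed users are modelled.
type SCC struct {
	Name            string
	AllowPrivileged bool
	Users           []string
}

// Pod is reduced to the one property this bug is about.
type Pod struct {
	Name       string
	Privileged bool // true if any container requests privileged mode
}

// CouldCreate reports whether some SCC usable by user would admit the pod.
func CouldCreate(user string, p Pod, sccs []SCC) bool {
	for _, s := range sccs {
		for _, u := range s.Users {
			if u == user && (s.AllowPrivileged || !p.Privileged) {
				return true
			}
		}
	}
	return false
}

// ExecAllowedOld is the blanket denial: no exec or rsh into privileged pods.
func ExecAllowedOld(p Pod) bool { return !p.Privileged }

// ExecAllowedNew: exec is allowed exactly when the requesting user
// could have created the pod under the SCCs available to them.
func ExecAllowedNew(user string, p Pod, sccs []SCC) bool {
	return CouldCreate(user, p, sccs)
}

func main() {
	sccs := []SCC{ // constructed sample data, not taken from a real cluster
		{Name: "restricted", Users: []string{"alice", "bob"}},
		{Name: "privileged", AllowPrivileged: true, Users: []string{"alice"}},
	}
	nfs := Pod{Name: "nfs-server", Privileged: true}
	fmt.Println("old rule:", ExecAllowedOld(nfs))                  // false
	fmt.Println("new, alice:", ExecAllowedNew("alice", nfs, sccs)) // true
	fmt.Println("new, bob:", ExecAllowedNew("bob", nfs, sccs))     // false
}
```

Under the newer rule, exec access to a privileged pod follows access to an SCC that allows privileged pods, so auditing who can use such SCCs also covers who can rsh or exec into those pods.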
Thank you. So this is working correctly as we expect. I was able to exec/rsh to a pod I created.
This fix is available in OpenShift Enterprise 3.1.