Description of problem:
Failed to prevent s2i builder images from running as root
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Build image with Dockerfile set instruction "USER 0" in it
2.Use above built image to do s2i build
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/build/tc499515/test-buildconfig-user0.json
3.Check build status
Build is completed
Build is failed with error in log:
"must specify a user that is numeric and within the range of allowed users"
Also can reproduce on release verson v184.108.40.206.66, so removing regression keyword.
Could not reproduce with default installation (origin 1.5 via oc cluster up).
These builds can be allowed if the cluster admin grants the `builder` service account an elevated security context constraint, such as `anyuid`. Can you please provide the security context constraints applied to the builder service account for these tests?
Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1464356
Pull Request: https://github.com/openshift/ose/pull/1272
features: Basic-Auth GSSAPI Kerberos SPNEGO
# oc logs -f build/ruby-sample-build-user0-1
Cloning "https://github.com/openshift/ruby-hello-world.git" ...
Commit: 7ccd3242c49c3868195ca9400a539fa611111096 (Merge pull request #71 from bparees/gemfile2)
Author: Ben Parees <firstname.lastname@example.org>
Date: Fri Feb 9 18:24:07 2018 -0500
error: build error: image "docker.io/aosqe/ruby-20-centos7:user0" must specify a user that is numeric and within the range of allowed users
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.