This works: $ cat patch.yaml allowedUnsafeSysctls: - kernel.msg* $ oc patch scc restricted -p "$(cat patch.yaml)" --type=merge securitycontextconstraints.security.openshift.io/restricted patched However, with move of SCC to CRD recently, edit might be broken, investigating.
Related thread, for reference: http://post-office.corp.redhat.com/archives/aos-devel/2019-May/msg00547.html
CRs will not get support for strategic merge patch. We cannot fix it this way. Why does oc user smp in the first place for this CRD? Moving to oc.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922
*** Bug 1783242 has been marked as a duplicate of this bug. ***