Description of problem:
When using oc debug on a build pod, there is an error about "unable to validate against any security context constraint"

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-09-12-230035

How reproducible:
already

Steps to Reproduce:
1. Log in to OpenShift as a normal user
2. Create an app
   $ oc new-app openshift/ruby:2.5~https://github.com/openshift/ruby-hello-world
3. Run into the build pod container
   $ oc get pods
   NAME                                READY   STATUS      RESTARTS   AGE
   ruby-hello-world-1-build            0/1     Completed   0          2m53s
   ruby-hello-world-74876787d7-xgqsz   1/1     Running     0          113s
   $ oc debug pod/ruby-hello-world-1-build
   Error from server (Forbidden): pods "ruby-hello-world-1-build-debug" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]

Actual results:
Cannot log in to the build pod container

Expected results:
Should log in to the build pod container

Additional info:
If using admin, there is no issue.

The error says it all:

Error from server (Forbidden): pods "ruby-hello-world-1-build-debug" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]

As a regular user you can't use hostPath, and that is being used during the build process. You need to have extended privilege access in OpenShift to be able to use hostPath mounts. More info about it is here:
https://docs.openshift.com/container-platform/4.5/storage/persistent_storage/persistent-storage-hostpath.html
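
Added example (not part of the original report or reply, and not OpenShift's admission code): a simplified Python pre-check that flags the two conditions named in the error above, hostPath volumes and privileged containers, in a pod manifest before a non-admin user tries to debug it. The sample pod is constructed, `scc_blockers` is a hypothetical helper, and the initContainers check goes beyond the case in the report.

```python
import json
import sys

# Constructed sample: a trimmed pod manifest shaped like the build pod in the
# report (two hostPath volumes, one privileged container). Paths are placeholders.
SAMPLE_POD = json.loads("""
{
  "spec": {
    "volumes": [
      {"name": "vol-a", "hostPath": {"path": "/placeholder/a"}},
      {"name": "vol-b", "hostPath": {"path": "/placeholder/b"}},
      {"name": "vol-c", "emptyDir": {}}
    ],
    "containers": [
      {"name": "build", "securityContext": {"privileged": true}}
    ]
  }
}
""")


def scc_blockers(pod):
    """Return the field paths that match the two rejections in the error.

    Assumption: only hostPath volumes and privileged containers are checked;
    real SCC admission validates many more fields than these two.
    """
    spec = pod.get("spec") or {}
    findings = []
    for i, vol in enumerate(spec.get("volumes") or []):
        if "hostPath" in vol:
            findings.append(f"spec.volumes[{i}]: hostPath")
    for kind in ("initContainers", "containers"):
        for i, ctr in enumerate(spec.get(kind) or []):
            sec = ctr.get("securityContext") or {}
            if sec.get("privileged") is True:
                findings.append(f"spec.{kind}[{i}].securityContext.privileged: true")
    return findings


if __name__ == "__main__":
    # Pass "-" to read a manifest from stdin; otherwise use the sample.
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    pod = json.load(sys.stdin) if use_stdin else SAMPLE_POD
    for finding in scc_blockers(pod):
        print(finding)
```

To check a real pod, pipe the output of `oc get pod <name> -o json` into the script with the `-` argument.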