Description of problem: Linux capabilities configured in SCC has no effect. Version-Release number of selected component (if applicable): - How reproducible: Always Steps to Reproduce: 1. Create new project as deployment config using image from this simple dockerfile: FROM debian:bullseye-slim RUN apt-get update && \ apt-get install -y libcap2-bin iputils-ping iproute2 && \ useradd uv --shell /bin/bash --create-home && \ setcap cap_net_admin+ep /bin/ip && \ setcap cap_net_raw+ep /bin/ping CMD ["/bin/ping","google.com"] 2. Create scc using following config: allowedCapabilities: ["*"] defaultAddCapabilities: ["NET_RAW", "NET_ADMIN"] requiredDropCapabilities: [] 3. Apply the scc to service account 4. Apply the service account to deployment config 5. After pod is running, get inside container & execute: /bin/ip xfrm policy flush Actual results: RTNETLINK answers: Operation not permitted Expected results: ip command should work
OpenShift has moved to Jira for its defect tracking! This bug can now be found in the OCPBUGS project in Jira. https://issues.redhat.com/browse/OCPBUGS-9078