Bug 2078040 - mon store.db is not accessible due to custom/third-party security context constraint (SCC) [NEEDINFO]
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: ceph
Version: 4.8
Hardware: All
OS: All
medium
medium
Target Milestone: ---
: ---
Assignee: Prashant Dhange
QA Contact: Parikshith
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2022-04-23 00:42 UTC by kelwhite
Modified: 2023-08-09 16:37 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-03-27 06:27:15 UTC
Embargoed:
pdhange: needinfo? (r.martinez)
pdhange: needinfo? (jbiao)



Comment 40 mbekhit 2022-09-22 13:24:14 UTC
The following pods do not have the default SCCs defined by OCS Operator:

 NAME: ocs-operator-68b59c8976-6qkdf

 SCC: anyuid

The SCC (Security Context Constraints) for OCS pods should not be changed to default.

If the SCCs are changed, this can result in existing Ceph volumes giving access denied when trying to read/write.

----------------------------

The following pods have scc set to 'anyuid':

NAME: ocs-operator-68b59c8976-6qkdf:

 SCC: anyuid

The scc (Security Context Constraints) for OCS pods should not be changed to 'anyuid' after the initial deployment of OCS.

This can cause the problem as the PV may be already configured to a different User ID and changing scc to anyuid will cause the pod to run with different UID.

This can result in existing Ceph volumes giving Access denied when trying to read/write.

While it will allow creating new volumes.

Currently, the scc change is not acceptable, as the OCS pods cannot handle it.
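
The check described in the comment above can be reproduced from pod metadata. The following is an added example, not part of the bug report or of the OCS operator: it reads the `openshift.io/scc` annotation that OpenShift records on each pod at admission and flags pods admitted under `anyuid`. The JSON is a constructed sample shaped like `oc get pods -n <namespace> -o json` output; only the `ocs-operator` pod name and its SCC come from the comment, and the other pod names, the `restricted` SCC value and the UID are assumptions.

```python
import json

SCC_ANNOTATION = "openshift.io/scc"  # recorded on each pod at admission
FLAGGED_SCC = "anyuid"               # the SCC the comment warns about

def _pod(name, scc=None, uid=None):
    """Build one constructed pod record (sample data only)."""
    ctx = {} if uid is None else {"runAsUser": uid}
    notes = {} if scc is None else {SCC_ANNOTATION: scc}
    return {"metadata": {"name": name, "annotations": notes},
            "spec": {"containers": [{"name": "main", "securityContext": ctx}]}}

# Constructed sample; example-pod-a and example-pod-b are hypothetical.
SAMPLE = json.dumps({"items": [
    _pod("ocs-operator-68b59c8976-6qkdf", scc="anyuid"),
    _pod("example-pod-a", scc="restricted", uid=1000620000),
    _pod("example-pod-b"),
]})

def audit_pod_sccs(pod_list_json):
    """Return one finding per pod: name, admitted SCC, pinned UIDs, verdict."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        scc = (meta.get("annotations") or {}).get(SCC_ANNOTATION)
        # Collect every explicitly pinned UID, pod-level and per container.
        contexts = [spec.get("securityContext") or {}]
        contexts += [c.get("securityContext") or {}
                     for c in spec.get("containers", [])]
        uids = sorted({c["runAsUser"] for c in contexts if "runAsUser" in c})
        if scc == FLAGGED_SCC:
            verdict = "flag"        # admitted under anyuid
        elif scc is None:
            verdict = "unknown"     # no annotation present, cannot tell
        else:
            verdict = "not-anyuid"  # some other SCC; not judged further here
        findings.append({"name": meta.get("name"), "scc": scc,
                         "run_as_uids": uids, "verdict": verdict})
    return findings

def flagged(pod_list_json):
    """Names of pods admitted under the flagged SCC."""
    return [f["name"] for f in audit_pod_sccs(pod_list_json)
            if f["verdict"] == "flag"]

if __name__ == "__main__":
    for finding in audit_pod_sccs(SAMPLE):
        print(finding)
```

An empty `run_as_uids` list on a flagged pod means no UID is pinned in the pod spec, so the UID the container runs with is not fixed by the spec itself.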

