2175135 – Unable to set virtLauncher pod as root via HCO CR

Bug 2175135 - Unable to set virtLauncher pod as root via HCO CR

Summary: Unable to set virtLauncher pod as root via HCO CR

Keywords:
Status:	CLOSED DUPLICATE of bug 2216774
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Virtualization
Sub Component:
Version:	4.13.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.14.0
Assignee:	lpivarc
QA Contact:	Kedar Bidarkar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-03-03 10:22 UTC by Akriti Gupta
Modified:	2023-06-27 07:40 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-06-27 07:40:20 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	kubevirt hyperconverged-cluster-operator pull 2353	0	None	Merged	handle nonRoot -> root FG transition	2023-06-20 13:42:27 UTC
Red Hat Issue Tracker	CNV-26404	0	None	None	None	2023-03-03 10:22:36 UTC

Description Akriti Gupta 2023-03-03 10:22:04 UTC

Description of problem: When setting "nonRoot:false" in HCO CR, it has no effect on virt-launcher pod, pod still run as nonRoot

in 4.13 NonRoot FG is still there but deprecated, so it's still supposed to work 

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. set "nonRoot:false" in HCO CR
2. create a vm and start(VM is running)
3. check virt-launcher pod

Actual results:
[akriti@fedora cnv-tests]$ oc get pod virt-launcher-rhel8-ktjjjgjrodifxwui-x6t7b -o yaml | grep -B 2 runAsUser
      runAsNonRoot: true
      runAsUser: 107

Expected results:
      runAsNonRoot: false
      runAsUser: 0

Additional info:

Comment 1 Kedar Bidarkar 2023-03-03 10:25:11 UTC

We see that the NonRoot FG is still there (although deprecated): 
https://github.com/kubevirt/kubevirt/blob/release-0.59/pkg/virt-config/feature-gates.go#L48

Comment 2 Kedar Bidarkar 2023-03-03 10:27:39 UTC

This would cause a problem, as there is no way to configure a Root virt-launcher Pod.

Comment 3 lpivarc 2023-06-27 07:40:20 UTC


*** This bug has been marked as a duplicate of bug 2216774 ***

Note You need to log in before you can comment on or make changes to this bug.