Closed goffinet closed 1 year ago
Hello,
Thank you for raising this issue.
Yes, UserSandbox is always set to true. The intention behind is to restrict the directories the agent can access on the container file system. Please let me know if you have are having issues with the default setting.
Thank you
Hello, Thank you for your quick reply.
Yes, we have issues with this default setting.
When UserSanbox is enabled, we get an error for writing to a queue :
BFGTR0072E: The transfer failed to complete due to the exception : BFGIO0216E: An attempt to write to queue "QUEUE_NAME@QMGR" by user "mqm" has been denied.
We use the icr.io/ibm-messaging/mqmft:latest in an Openshift deployment and are obliged to modify the agent.properties after a rollout, to stop and restart the agent inside the container.
We are looking for a way to properly disable this setting. But it seems that we have to change the code of mq-container-mft/cmd/runagent/agentconfig.go.
Can you help us?
Best regards,
Hello, Thank you for the reply. I shall look into the issue. Are you able to use the provided code to build your own custom container image?
Thank you
Hello. Yes, we are able to build our own custom image but we do not want to lose the official IBM support for the MQ MQFT product on Openshift. It should be better for us if the official IBM image can be flexible with this parameter. Best regards,
Thank you.
Just want to let you know, the image published on icr.io/ibm-messaging/mqmft is a "developer" only image, hence no support is provided. For deploying in production, you will need to build your own image. Any issues found with the agent running inside the container will be supported via the regular IBM support channels.
Hope this helps
Best Regards
Thank you for you support. Best regards.
Hello, When I try to fix the userSandboxes property to false for agent.properties it seems it adds automatically the agent.properties at true (https://github.com/ibm-messaging/mq-container-mft/blob/7769ed3e86514c20a401ac88575423fca5adc52c/cmd/runagent/agentconfig.go#L617) :
userSandboxes=true is writed when bridge agent is not configured, Why ?
How can I disable UserSandboxes with the json configmap file ? Thank you for your support.