Open rauanmayemir opened 6 days ago
Do you have a /run on your image? How is it mounted?
I do have it, it's an emptyDir mount:
- mountPath: /run
  name: scratch-volume
  subPath: run
Upon building the image, I verified that it's properly owned by my user. But at runtime /run's owner is changed to root, even though I've set the pod's security context to the least privileged.
OK, two more questions (to inform my diagnosis):
S6_READ_ONLY_ROOT set to 1?
S6_VERBOSITY set to 2 or more, early on you should see preinit lines with container permissions and /run permissions. Can you please reproduce them here?
Thanks.
Yes, I set S6_READ_ONLY_ROOT to 1. Will upgrade again tomorrow and collect the details.
Bumping the image from v3.1.6.2 to v3.2.0.2 resulted in containers failing with:
I'm running the pod under a non-privileged uid 999 with read-only root fs, relevant dirs have all the proper chowns, everything worked fine before the upgrade.