vohtaski
commented
6 years ago Had the same issue. You should used "privileged: true" option in kubernetes config
Closed hulu1522 closed 6 years ago
vohtaski
commented
6 years ago Had the same issue. You should used "privileged: true" option in kubernetes config
sjiveson
commented
6 years ago Thanks for the response @vohtaski its appreciated. Closing.
bronger
commented
6 years ago Given that https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container shows that k8s now can defined the capabilities of pods more fine-grained than just “privileged: true”, which capabilities are needed for nfs-server-alpine?
sjiveson
commented
6 years ago My understanding is that CAP_SYS_ADMIN is all that is required. I can confirm later today.
sjiveson
commented
6 years ago No, doesn't work without --privileged I'm afraid.
bronger
commented
6 years ago Okay. Thank you for the information!
claflico
commented
6 years ago @sjiveson
No, doesn't work without --privileged I'm afraid.
FYI, I ran into the same issue with Rancher Server running on CentOS if you want to add it to the documentation.
sjiveson
commented
6 years ago Updated the readme with lots more information I'm sure people with find useful, thanks for the suggestion.
chux0519
commented
4 years ago I encountered a situation today
Server A: Debian, kernel version 4.9 Server B: Ubuntu, kernel version 4.15
For Server A, both
privileged: trueand
cap_add:
- SYS_ADMIN
- SETPCAPworks.
But For Server B
cap_add:
- SYS_ADMIN
- SETPCAPnot working.
Record here, in case it might help someone
lordjea2
commented
3 years ago I encountered a situation today
Server A: Debian, kernel version 4.9 Server B: Ubuntu, kernel version 4.15
For Server A, both
privileged: trueand
cap_add: - SYS_ADMIN - SETPCAPworks.
But For Server B
cap_add: - SYS_ADMIN - SETPCAPnot working.
Record here, in case it might help someone
In addition for OpenShift this help me to solve the issue
...
spec:
containers:
securityContext:
fsGroup: 0
capabilities:
add: ["NET_ADMIN", "SYS_TIME", "SYS_ADMIN"]
privileged: true
...
ahmadsyahidr
commented
3 years ago In addition for OpenShift this help me to solve the issue
... spec: containers: securityContext: fsGroup: 0 capabilities: add: ["NET_ADMIN", "SYS_TIME", "SYS_ADMIN"] privileged: true ...
In OpenShift, I still got this error even after enable those 3 capabilities.
My pods capsh shown this:
/ # capsh --print Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_admin,cap_sys_chroot,cap_sys_admin,cap_sys_time=eip Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_admin,cap_sys_chroot,cap_sys_admin,cap_sys_time Ambient set = Current IAB: cap_chown,cap_dac_override,!cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,!cap_linux_immutable,cap_net_bind_service,!cap_net_broadcast,cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,cap_sys_chroot,!cap_sys_ptrace,!cap_sys_pacct,cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf Securebits: 00/0x0/1'b0 (no-new-privs=0) secure-noroot: no (unlocked) secure-no-suid-fixup: no (unlocked) secure-keep-caps: no (unlocked) secure-no-ambient-raise: no (unlocked) uid=0(root) euid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
Any suggestion guys ?
I am trying to run this container in Kubernetes but there is an error that is logged when starting the NFS service. It also looks like the port is not listening.
Error:
Complete startup logs: