use privileged scc for openshift user
sshd as configured in the gitlab ce image uses `UsePrivilegeSeparation`, which requires `SYS_CHROOT` permissions. The `anyuid` scc does not allow this.
```
$ oc describe scc anyuid
Name:                           anyuid
Priority:                       10
Access:
  Users:                        system:serviceaccount:gitlab-ce:gitlab-ce-user
  Groups:                       system:cluster-admins
Settings:
  Allow Privileged:             false
  Default Add Capabilities:     <none>
  Required Drop Capabilities:   MKNOD,SYS_CHROOT <--
  ...
```
However, `privileged` does. This PR updates the docs and unifies the method for updating the scc.
As an alternative to this PR, `UsePrivilegeSeparation` could be set to `no` in the `sshd_config`.
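A check for the condition described above, as an added example that is not part of the original PR: it reads `oc describe scc` output and reports whether a capability is on the SCC's required-drop list. The function names and the second sample SCC are constructed for illustration, and the check looks only at the drop list.

```shell
#!/bin/sh
# Added example. SCC_ANYUID repeats the `oc describe scc anyuid` output quoted
# in the description; SCC_EMPTY_DROP is a constructed sample for contrast.
SCC_ANYUID='Name: anyuid
Priority: 10
Access:
  Users: system:serviceaccount:gitlab-ce:gitlab-ce-user
  Groups: system:cluster-admins
Settings:
  Allow Privileged: false
  Default Add Capabilities: <none>
  Required Drop Capabilities: MKNOD,SYS_CHROOT <--'

SCC_EMPTY_DROP='Name: example-scc
Settings:
  Default Add Capabilities: <none>
  Required Drop Capabilities: <none>'

# Print each capability on the Required Drop list, one per line.
scc_dropped_caps() {
  awk '/^[ \t]*Required Drop Capabilities:/ {
    v = $0
    sub(/^[^:]*:/, "", v)        # keep only the value after the field name
    sub(/<--.*$/, "", v)         # drop reader annotations such as "<--"
    gsub(/[ \t\r]/, "", v)
    if (v == "" || v == "<none>") next
    n = split(v, caps, ",")
    for (i = 1; i <= n; i++) print caps[i]
  }'
}

# Exit 0 if CAP is not force-dropped by the SCC read from stdin, 1 if it is.
scc_keeps_cap() {
  if scc_dropped_caps | grep -qx "$1"; then return 1; fi
  return 0
}

# sshd privilege separation needs SYS_CHROOT (per the description above).
report() {  # usage: report LABEL DESCRIBE_OUTPUT
  if printf '%s\n' "$2" | scc_keeps_cap SYS_CHROOT; then
    echo "$1: SYS_CHROOT not dropped, sshd privilege separation can chroot"
  else
    echo "$1: SYS_CHROOT dropped, sshd privilege separation is blocked"
  fi
}

report anyuid "$SCC_ANYUID"
report example-scc "$SCC_EMPTY_DROP"
```

Against a live cluster the same functions take `oc describe scc <name>` on stdin in place of the embedded samples.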