From fdc89d848b0e5f1b9554011f986cb38ac3bc8b6f Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 4 Mar 2022 16:53:37 -0500 Subject: [PATCH] coreos-ci: rename anyuid-setfcap SCC SCCs are cluster-scoped, but here we just want an SCC uniquely for use by the `coreos-ci` project. So prefix the SCC name with that. This may have been the root of an issue where we had this SCC defined mulitple times (once here and once in the `fedora-coreos-pipeline` role) and any users added were lost because it was being redefined. The one in `fedora-coreos-pipeline` has since been nuked: https://pagure.io/fedora-infra/ansible/pull-request/989 --- .../coreos-ci/templates/securitycontextconstraints.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml b/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml index a85d3707b9..772d1748a1 100644 --- a/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml +++ b/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml @@ -17,7 +17,7 @@ kind: SecurityContextConstraints metadata: annotations: kubernetes.io/description: custom scc for anyuid + CAP_SETFCAP defaultAddCapability - name: anyuid-setfcap + name: coreos-ci-anyuid-setfcap priority: 10 readOnlyRootFilesystem: false requiredDropCapabilities: