From db634694de860c21c2ef7c7f7896c8fddc85efd5 Mon Sep 17 00:00:00 2001 From: Jaesang Lee Date: Thu, 21 Sep 2017 16:53:22 +0900 Subject: [PATCH] Cinder-backup can request to be run as SYS_ADMIN capability. cinder-backup process should be able to run privsep daemon and it required SYS_ADMIN capability. Change-Id: Ife6fd3ae921078d64a63d15cee6b389ab26b8a4b Closes-bug: 1718599 --- cinder/templates/deployment-backup.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml index e79ffafa8a..7e9c7e40dd 100644 --- a/cinder/templates/deployment-backup.yaml +++ b/cinder/templates/deployment-backup.yaml @@ -68,6 +68,8 @@ spec: {{ tuple $envAll $envAll.Values.pod.resources.backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} securityContext: runAsUser: {{ .Values.pod.user.cinder.uid }} + capabilities: + add: ["SYS_ADMIN"] command: - /tmp/cinder-backup.sh volumeMounts: