Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veeamVeeam softwareVEEAM:KB4629
HistoryJun 17, 2024 - 12:00 a.m.

Security Context Constraints(SCC) capabilities setting for Generic Storage Backup and Restore with OCP 4.11 or higher

2024-06-1700:00:00
Veeam software
www.veeam.com
3
scc
generic backup
ocp 4.11

AI Score

7.3

Confidence

Low

JSON

Purpose

This article describes Security Context Constraints(SCC) capabilities that need to be added to use Generic Backup and Restore feature capabilities on OCP 4.11 and higher.

Known Issues

With OCP 4.11, default security context constraints (SCC) have changed. Due to this, when using Generic Storage Backup and Restore with OCP 4.11 or higher, the following error message might be seen

Failed to exec command in pod: command terminated with exit code 255

Full error message

[{\"name\":\"FailedSubPhases\",\"value\":[{\"Err\":{\"cause\":{\"cause\":{\"cause\":{\"cause\":{\"cause\":{\"message\":\"{\\\"message\\\":\\\"Failed to backup data\\\",\\\"function\\\":\\\"kasten.io/k10/kio/kanister/function.(*backupDataFunc).Exec\\\",\\\"linenumber\\\":122,\\\"file\\\":\\\"kasten.io/k10/kio/kanister/function/backup_data.go:122\\\",\\\"cause\\\":{\\\"message\\\":\\\"2 errors have occurred\\\",\\\"errors\\\":[{\\\"message\\\":\\\"Failed to create the backup repository\\\",\\\"function\\\":\\\"kasten.io/k10/kio/kopia.CreateKopiaRepository\\\",\\\"linenumber\\\":472,\\\"file\\\":\\\"kasten.io/k10/kio/kopia/repository.go:472\\\",\\\"cause\\\":{\\\"message\\\":\\\"Failed to exec command in pod: command terminated with exit code 255\\\"}},{\\\"message\\\":\\\"Failed to connect to the backup repository\\\",\\\"function\\\":\\\"kasten.io/k10/kio/kopia.ConnectToKopiaRepository\\\",\\\"linenumber\\\":558,\\\"file\\\":\\\"kasten.io/k10/kio/kopia/repository.go:558\\\",\\\"cause\\\":{\\\"message\\\":\\\"Failed to exec command in pod: command terminated with exit code 255\\\"}}]}}\"}

Solution

To continue using the Generic Storage Backup feature on OCP 4.11 and higher and to resolve the error shown above, security context constraints(SCC) capabilities need to be added manually to the container spec as shown below

securityContext:
  capabilities:
    add: ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER"]

If container spec changes are not permitted, update the allowedCapabilitiesfield in SCC as shown below

allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- FOWNER

Note: Backups will be unavailable until the changes are completed

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

AI Score

7.3

Confidence

Low

JSON