Which steps help ensure a container runs as a non-root user in OpenShift?

Prepare for the Red Hat OpenShift Developer EX288 Exam. Study with comprehensive quizzes and flashcards. Each question includes hints and explanations to enhance your understanding. Ace your exam with confidence!

Multiple Choice

Which steps help ensure a container runs as a non-root user in OpenShift?

Explanation:
OpenShift enforces non-root execution through SecurityContextConstraints (SCCs), so you ensure a container runs as a non-root user by building the image to include a specific non-root UID and configuring the pod to run as that user. In practice, you set the container to run as a non-root UID (runAsUser) and enable runAsNonRoot in the security context, while making sure the image has that user and that the filesystem permissions are appropriate for it. The SCC must permit non-root runs, and with runAsNonRoot set, OpenShift will prevent the container from starting if it would run as root. This combination guarantees the process cannot elevate to root, aligning the runtime with OpenShift security policies. Relying on an environment variable to disable root usage isn’t reliable, and disabling security constraints would defeat the purpose of the policy.

