OpenShift gives its administrators the ability to manage a set of security context constraints (SCCs) for limiting and securing their cluster. Security context constraints allow administrators to control permissions for pods using the CLI.
SCCs allow an administrator to control the following:
- Running of privileged containers.
- Capabilities a container can request to be added.
- Use of host directories as volumes.
- The SELinux context of the container.
- The user ID.
- The use of host namespaces and networking.
- Allocating an ‘FSGroup’ that owns the pod’s volumes.
- Configuring allowable supplemental groups.
- Requiring the use of a read-only root file system.
- Controlling the usage of volume types.
- Configuring allowable seccomp profiles.
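As an added illustration (not taken from the original article), the manifest below shows where each control in the list above lives in an SCC object, set to restrictive values. The SCC name `example-restricted` is hypothetical, and the volume and capability lists are one possible choice.

```yaml
# Added example: a restrictive SCC mapping each listed control to its field.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: example-restricted        # hypothetical name
# Running of privileged containers
allowPrivilegedContainer: false
# Capabilities a container can request to be added (none), and ones always dropped
allowedCapabilities: []
defaultAddCapabilities: []
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
# Use of host directories as volumes
allowHostDirVolumePlugin: false
# SELinux context of the container (MustRunAs with no explicit options
# takes the values preallocated for the project)
seLinuxContext:
  type: MustRunAs
# User ID (must fall in the project's preallocated UID range)
runAsUser:
  type: MustRunAsRange
# Host namespaces and networking
allowHostNetwork: false
allowHostPorts: false
allowHostPID: false
allowHostIPC: false
# FSGroup that owns the pod's volumes
fsGroup:
  type: MustRunAs
# Allowable supplemental groups
supplementalGroups:
  type: MustRunAs
# Read-only root file system
readOnlyRootFilesystem: true
# Permitted volume types
volumes:
- configMap
- emptyDir
- persistentVolumeClaim
- secret
# Allowable seccomp profiles
seccompProfiles:
- runtime/default
# No users or groups are bound to this SCC until an administrator grants it
users: []
groups: []
```

An administrator would load this with `oc create -f` and then grant it to a specific service account with `oc adm policy add-scc-to-user`, rather than listing users in the manifest.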
Want to read more? Visit the original article on the Red Hat Developers Blog: http://developers.redhat.com/blog/2016/10/21/understanding-openshift-security-context-constraints/