markturansky · markturansky · Nov 10, 2015 · Nov 10, 2015
diff --git a/images/recycler/Dockerfile b/images/recycler/Dockerfile
@@ -9,11 +9,8 @@
 #
 FROM openshift/origin
 
-RUN yum install -y sudo
-
-# Edit sudoers file
-# To avoid error: sudo: sorry, you must have a tty to run sudo
-RUN sed -i -e "s/Defaults    requiretty.*/ #Defaults    requiretty/g" /etc/sudoers
+RUN yum install -y sudo && \
+    sed -i -e "s/Defaults    requiretty.*/ #Defaults    requiretty/g" /etc/sudoers
 
 ADD scripts/recycler.sh /usr/share/openshift/scripts/volumes/recycler.sh
 

diff --git a/images/recycler/scripts/recycler.sh b/images/recycler/scripts/recycler.sh
@@ -35,14 +35,13 @@ find "${dir}" -type f -print0 | xargs -r -n 1 -0 bash -c 'recycle_file "$@"' {}
 function rm_all() {
     filename="${1}"
     uid=$(stat -c "#%u" "${filename}")
-    echo "rm_all '${filename}'"
     sudo -u "${uid}" rm -rf "${filename}"
 }
 export -f rm_all
 
 find "${dir}" ! -type d -print0 | xargs -r -n 1 -0 bash -c 'rm_all "$@"' {}
 
-find "${dir}" -mindepth 1 -type d -print0 | sort -z -k 1 -rg | xargs -r -n 1 -0 bash -c 'rm_all "$@"' {}
+find "${dir}" -mindepth 1 -type d -print0 | sort -zrg | xargs -r -n 1 -0 bash -c 'rm_all "$@"' {}
 
 echo "Scrub OK"
 exit 0
diff --git a/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go b/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
@@ -19,8 +19,8 @@ const (
 	SecurityContextConstraintNonRootDesc = "nonroot provides all features of the restricted SCC but allows users to run with any non-root UID.  The user must specify the UID or it must be specified on the by the manifest of the container runtime."
 
 	// SecurityContextConstraintHostMountAndAnyUID is used as the name for the system default host mount + any UID scc.
-	SecurityContextConstraintHostMountAndAnyUID     = "hostmountanyuid"
-	SecurityContextConstraintHostMountAndAnyUIDDesc = "hostmount provides all the features of the restricted SCC but allows host mounts and any UID by a pod.  This is primarily used by the persistent volume recycler. WARNING: this SCC allows host file system access.  Grant with caution."
+	SecurityContextConstraintHostMountAndAnyUID     = "hostmount-anyuid"
+	SecurityContextConstraintHostMountAndAnyUIDDesc = "hostmount-anyuid provides all the features of the restricted SCC but allows host mounts and any UID by a pod.  This is primarily used by the persistent volume recycler. WARNING: this SCC allows host file system access as any UID, including UID 0.  Grant with caution."
 
 	// SecurityContextConstraintHostNS is used as the name for the system default scc
 	// that grants access to all host ns features.
@@ -133,7 +133,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 				// This strategy requires that annotations on the namespace which will be populated
 				// by the admission controller.  If namespaces are not annotated creating the strategy
 				// will fail.
-				Type: kapi.SELinuxStrategyRunAsAny,
+				Type: kapi.RunAsUserStrategyRunAsAny,
 			},
 			FSGroup: kapi.FSGroupStrategyOptions{
 				// This strategy requires that annotations on the namespace which will be populated