Merge pull request #11549 from liggitt/rsh-error

Merged by openshift-bot
openshift · Oct 25, 2016 · 3f5cad6 · 3f5cad6
2 parents 30a00dc + 892d38c
commit 3f5cad6
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/security/admission/scc_exec.go b/pkg/security/admission/scc_exec.go
@@ -1,6 +1,7 @@
 package admission
 
 import (
+	"fmt"
 	"io"
 
 	oadmission "github.com/openshift/origin/pkg/cmd/server/admission"
@@ -48,7 +49,7 @@ func (d *sccExecRestrictions) Admit(a kadmission.Attributes) (err error) {
 	// we're allowed to use the SA the pod is using.  Otherwise, user-A creates pod and user-B (who can't use the SA) can exec into it.
 	createAttributes := kadmission.NewAttributesRecord(pod, pod, kapi.Kind("Pod").WithVersion(""), a.GetNamespace(), a.GetName(), a.GetResource(), "", kadmission.Create, a.GetUserInfo())
 	if err := d.constraintAdmission.Admit(createAttributes); err != nil {
-		return kadmission.NewForbidden(a, err)
+		return kadmission.NewForbidden(a, fmt.Errorf("%s operation is not allowed because the pod's security context exceeds your permissions: %v", a.GetSubresource(), err))
 	}
 
 	return nil