Running Restic with Velero inside OpenShift OKD

Hi everyone!
I’m wondering if there is someone tried to run restic (with velero) inside OpenShift OKD (I’m using OKD 3.11). There are some problems with permissions - see error

level=error msg=“Error running command=restic backup --repo=s3:http:/domain:9091/velero/restic/testrk25 --password-file=/tmp/velero-restic-credentials-testrk25028609738 --cache-dir=/scratch/.cache/restic . --tag=ns=testrk25 --tag=pod=coffee-679f7c7698-575n6 --tag=pod-uid=0a6cd13d-9726-11e9-addb-00505695f45c --tag=volume=nginx-data --tag=backup=testrk1358 --tag=backup-uid=2a1b8503-9738-11e9-addb-00505695f45c --host=velero, stdout=, stderr=” backup=velero/testrk1358 controller=pod-volume-backup error=“fork/exec /usr/bin/restic: permission denied" error.file=”/go/src/github.com/heptio/velero/pkg/controller/pod_volume_backup_controller.go:232" error.function=“github.com/heptio/velero/pkg/controller.(*podVolumeBackupController).processBackup” logSource=“pkg/controller/pod_volume_backup_controller.go:232” name=testrk1358-4989f namespace=velero

This looks like the binary is missing the execute permission. Make sure you’ve run chmod +x /usr/bin/restic.

Nah, problem was with SCC on SA/Group:
oc adm policy add-scc-to-group privileged system:serviceaccounts:velero
oc adm policy add-scc-to-user privileged -n velero -z velero

Also context definition in ds
securityContext:
privileged: true
runAsUser: 0
dnsPolicy: ClusterFirst

Also right hostPath:
volumes:
- hostPath:
path: /var/lib/origin/openshift.local.volumes/pods
type: “”