rbd: dont attempt explicit permission mod change from the RBD driver

currently we are overriding the permission to `0o777` at time of node stage which is not the correct action. That said, this permission change causes an extra permission correction at time of nodestaging by the CO while the FSGROUP change policy has been set to `OnRootMismatch`. Signed-off-by: Humble Chirammal <[email protected]>
ceph · Dec 7, 2021 · 0f9ebc7 · 0f9ebc7
1 parent 20727bd
commit 0f9ebc7
Showing 1 changed file with 1 addition and 7 deletions.
diff --git a/internal/rbd/nodeserver.go b/internal/rbd/nodeserver.go
@@ -374,8 +374,6 @@ func (ns *NodeServer) stageTransaction(
 	transaction := &stageTransaction{}
 
 	var err error
-	var readOnly bool
-
 	// Allow image to be mounted on multiple nodes if it is ROX
 	if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY {
 		log.ExtendedLog(ctx, "setting disableInUseChecks on rbd volume to: %v", req.GetVolumeId)
@@ -429,7 +427,7 @@ func (ns *NodeServer) stageTransaction(
 	transaction.isStagePathCreated = true
 
 	// nodeStage Path
-	readOnly, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
+	_, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
 	if err != nil {
 		return transaction, err
 	}
@@ -455,10 +453,6 @@ func (ns *NodeServer) stageTransaction(
 			}
 		}
 	}
-	if !readOnly {
-		// #nosec - allow anyone to write inside the target path
-		err = os.Chmod(stagingTargetPath, 0o777)
-	}
 
 	return transaction, err
 }