Skip to content

Commit

Permalink
rbd: dont attempt explicit permission mod change from the RBD driver
Browse files Browse the repository at this point in the history
currently we are overriding the permission to `0o777` at time of node
stage which is not the correct action. That said, this permission
change causes an extra permission correction at time of nodestaging
by the CO while the FSGROUP change policy has been set to
`OnRootMismatch`.

Signed-off-by: Humble Chirammal <[email protected]>
  • Loading branch information
humblec committed Jan 7, 2022
1 parent 9d34809 commit 318629b
Showing 1 changed file with 1 addition and 7 deletions.
8 changes: 1 addition & 7 deletions internal/rbd/nodeserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -366,7 +366,6 @@ func (ns *NodeServer) stageTransaction(
transaction := &stageTransaction{}

var err error
var readOnly bool

// Allow image to be mounted on multiple nodes if it is ROX
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY {
Expand Down Expand Up @@ -421,7 +420,7 @@ func (ns *NodeServer) stageTransaction(
transaction.isStagePathCreated = true

// nodeStage Path
readOnly, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
_, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
if err != nil {
return transaction, err
}
Expand All @@ -436,11 +435,6 @@ func (ns *NodeServer) stageTransaction(
return transaction, err
}

if !readOnly {
// #nosec - allow anyone to write inside the target path
err = os.Chmod(stagingTargetPath, 0o777)
}

return transaction, err
}

Expand Down

0 comments on commit 318629b

Please sign in to comment.