From 6092601cd1c4afcb55c2a2264a82cb86b31d63df Mon Sep 17 00:00:00 2001 From: Humble Chirammal Date: Fri, 7 Jan 2022 20:44:11 +0530 Subject: [PATCH] rbd: dont attempt explicit permission mod change from the RBD driver currently we are overriding the permission to `0o777` at time of node stage which is not the correct action. That said, this permission change causes an extra permission correction at time of nodestaging by the CO while the FSGROUP change policy has been set to `OnRootMismatch`. Signed-off-by: Humble Chirammal --- internal/rbd/nodeserver.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/internal/rbd/nodeserver.go b/internal/rbd/nodeserver.go index 43c151956bb5..209c4610e30b 100644 --- a/internal/rbd/nodeserver.go +++ b/internal/rbd/nodeserver.go @@ -366,7 +366,6 @@ func (ns *NodeServer) stageTransaction( transaction := &stageTransaction{} var err error - var readOnly bool // Allow image to be mounted on multiple nodes if it is ROX if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY { @@ -421,7 +420,7 @@ func (ns *NodeServer) stageTransaction( transaction.isStagePathCreated = true // nodeStage Path - readOnly, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath) + _, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath) if err != nil { return transaction, err } @@ -436,11 +435,6 @@ func (ns *NodeServer) stageTransaction( return transaction, err } - if !readOnly { - // #nosec - allow anyone to write inside the target path - err = os.Chmod(stagingTargetPath, 0o777) - } - return transaction, err }