OpenShift Bugs / OCPBUGS-11676

Kubelet sometimes fails to set permission on subPath for CephFS volume


    • Quality / Stability / Reliability
    • Moderate
    • 4/18: telco reviewed
    • Rejected

      Description of problem:

      The subPath volume permission is not correctly set for a CephFS volume.
      

      Version-Release number of selected component (if applicable):

      OCP 4.12
      ODF 4.12

      How reproducible:

      50%-90%

      Steps to Reproduce:

      1. oc adm policy add-scc-to-user privileged -z default
      
      2. Create the Pod and the CephFS CSI PVC
      
      $ cat /tmp/test-pv.yaml
      apiVersion: v1
      kind: Pod
      metadata:
        name: rhel7
        labels:
          app: rhel7
      spec:
        containers:
        - name: myapp-container
          image: registry.access.redhat.com/ubi7/ubi
          command: ['sh', '-c', 'mkdir /etc/healing-controller.d -p && echo The app is running! && sleep 3600']
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seLinuxOptions:
              level: s0
          volumeMounts:
          - mountPath: /etc/healing-controller.d/record
            name: local-disks
            subPath: record
          - mountPath: /etc/healing-controller.d/critical-containers-logs
            name: local-disks
            subPath: critical-containers-logs
        volumes:
          - name: local-disks
            persistentVolumeClaim:
              claimName: local-pvc-name
        securityContext:
          fsGroup: 9999
          runAsGroup: 9999
          runAsUser: 9999
      
      ---
      
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: local-pvc-name
        namespace: test-pv
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        storageClassName: ocs-storagecluster-cephfs
        volumeMode: Filesystem
      
      
      3. Log in to the Pod and check /etc/healing-controller.d/* permissions
      
      sh-4.2$ ls -l /etc/healing-controller.d/

      Actual results:

      sh-4.2$ ls -l /etc/healing-controller.d/
      total 0
      drwxrwsr-x. 2 root 9999 0 Mar 30 01:49 critical-containers-logs
      drwxrwsr-x. 2 root root 0 Mar 30 01:49 record

      Expected results:

      sh-4.2$ ls -l /etc/healing-controller.d/
      total 0
      drwxrwsr-x. 2 root 9999 0 Mar 30 01:47 critical-containers-logs
      drwxrwsr-x. 2 root 9999 0 Mar 30 01:47 record

      Additional info:

      Deleting the Pod (not the PVC) and recreating the Pod makes the permission correct.

              hekumar@redhat.com Hemant Kumar
              rhn-support-cchen Chen Chen
              Sunil Choudhary Sunil Choudhary
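
A check for the condition described in this report, as an added example that is not part of the original bug report: the function compares the group owner of each directory directly under a parent path (here `/etc/healing-controller.d`) with the pod's `fsGroup`, and is meant to be run inside the pod. The helper name `check_fsgroup` and the script file name in the comment are hypothetical, and GNU `stat` is assumed to be available in the image.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes GNU stat (coreutils).
# check_fsgroup PARENT_DIR EXPECTED_GID   (hypothetical helper name)
#   Returns 0 if every directory directly under PARENT_DIR is group-owned
#   by EXPECTED_GID, 1 on any mismatch, 2 on bad arguments.
check_fsgroup() {
    parent=$1
    want_gid=$2
    if [ ! -d "$parent" ]; then
        echo "ERROR: $parent is not a directory" >&2
        return 2
    fi
    case $want_gid in
        ''|*[!0-9]*)
            echo "ERROR: expected GID must be numeric" >&2
            return 2 ;;
    esac
    rc=0
    for entry in "$parent"/*; do
        [ -d "$entry" ] || continue          # also skips an unmatched glob
        info=$(stat -c '%g %a' "$entry") || { rc=1; continue; }
        gid=${info% *}                       # numeric group owner
        mode=${info#* }                      # octal mode, setgid shows as 2xxx
        if [ "$gid" = "$want_gid" ]; then
            echo "OK       $entry gid=$gid mode=$mode"
        else
            # The failure in this report: 'record' owned by group root (0)
            # instead of fsGroup 9999.
            echo "MISMATCH $entry gid=$gid expected=$want_gid mode=$mode"
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when called with two arguments, e.g. inside the pod:
#   sh check_fsgroup.sh /etc/healing-controller.d 9999
if [ "$#" -eq 2 ]; then
    check_fsgroup "$1" "$2"
    exit $?
fi
```

Because the report gives a 50%-90% reproduction rate, a single passing run does not show the problem is absent; the check is useful after every Pod recreation.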