-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.13.z
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
No
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
When running a container with the kata runtime and setting up a block device, the device appears in the container with permissions set to 0. The kata agent, creating this device in the VM, is applying the file mode provided in the spec file by cri-o - this field is not filled by cri-o, and defaults to 0.This PR makes sure that the device's permission is provided in the spec, so that the agent can apply them appropriately.
Version-Release number of selected component (if applicable):
1.26
How reproducible:
run a kata containers pod with a block device attached
Steps to Reproduce:
1.install OSC 2.run a pod with runtimeClass: kata and add a volumeDevice volumeDevices: - name: data devicePath: /dev/xvdb volumes: - name: data persistentVolumeClaim: claimName: block-pvc
Actual results:
failed to open device "permission denied"
Expected results:
user can access volume
Additional info:
tracked in Kata project as https://issues.redhat.com/browse/KATA-2285 github issue: https://github.com/cri-o/cri-o/pull/7157