Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3204

Permission denied when write data to mounted gcp filestore volume instance

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 4.12
    • Storage / Operators
    • None
    • Storage Sprint 227
    • 1
    • Proposed
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-512. The following is the description of the original issue:

      Description of problem:

      Permission denied when write data to mounted gcp filestore volume instance

      Version-Release number of selected component (if applicable):

      gcp-filestore-csi-driver-operator.v4.12.0

      How reproducible:

      Always

      Steps to Reproduce:1.
      2.Deploy gcp filestore csi driver operator
      3.Deploy gcp fiestore csi driver 

      apiVersion: operator.openshift.io/v1
      kind: ClusterCSIDriver
      metadata:
          name: filestore.csi.storage.gke.io
      spec:
        managementState: Managed
        fsGroupPolicy: File

      3.Create pvc/pod

      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: myclaim2
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
        storageClassName: 'filestore-example2'

      4.oc rsh pod

      sh-4.4$ touch test
      touch: cannot touch 'test': Permission denied
      sh-4.4$ id
      uid=1000670000(1000670000) gid=0(root) groups=0(root),1000670000
      sh-4.4$ ls -lZ /tmp1
      total 16
      drwx------. 2 root root system_u:object_r:nfs_t:s0 16384 Aug 24 06:16 lost+found

      5.Found that csidriver .spec.fsGroupPolicy is ReadWriteOnceWithFSType

      oc get csidriver/filestore.csi.storage.gke.io -o yaml
      apiVersion: storage.k8s.io/v1
      kind: CSIDriver
      metadata:
        annotations:
          csi.openshift.io/managed: "true"
          operator.openshift.io/spec-hash: 998642f0945b32fa885ab52b567c19b50b957e3628ad1dd0e6280d67913b03f5
        creationTimestamp: "2022-08-24T03:20:52Z"
        name: filestore.csi.storage.gke.io
        resourceVersion: "57160"
        uid: 17a75a4d-89db-4ad6-939e-2965055277bb
      spec:
        attachRequired: false
        fsGroupPolicy: ReadWriteOnceWithFSType
        podInfoOnMount: true
        requiresRepublish: false
        storageCapacity: false
        volumeLifecycleModes:
        - Persistent

      Actual results:

      1. csidriver .spec.fsGroupPolicy is still default value
      2. No root user does not have the write/exec permission after mounted the volume instance.

      Expected results:

      Additional info:

            fbertina@redhat.com Fabio Bertinatto
            openshift-crt-jira-prow OpenShift Prow Bot
            Chao Yang Chao Yang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: