cephfs: dont set explicit permissions on the volume

At present we node-stage the volume with world-writable permissions,
which is not correct. We should let the CO take care of it and make
the decision. This commit also removes `fuseMountOptions` and
`KernelMountOptions`, as they are no longer needed.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Humble Chirammal 2022-02-08 09:36:24 +05:30 committed by mergify[bot]
parent c0e70ca8cb
commit 8f6a7da538


@ -164,8 +164,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name()) log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name())
readOnly := "ro" readOnly := "ro"
fuseMountOptions := strings.Split(volOptions.FuseMountOptions, ",")
kernelMountOptions := strings.Split(volOptions.KernelMountOptions, ",")
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY || if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY { req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
@ -173,12 +171,10 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
case *mounter.FuseMounter: case *mounter.FuseMounter:
if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) { if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly) volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
fuseMountOptions = append(fuseMountOptions, readOnly)
} }
case *mounter.KernelMounter: case *mounter.KernelMounter:
if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) { if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly) volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
kernelMountOptions = append(kernelMountOptions, readOnly)
} }
} }
} }
@ -191,30 +187,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
return status.Error(codes.Internal, err.Error()) return status.Error(codes.Internal, err.Error())
} }
if !csicommon.MountOptionContains(kernelMountOptions, readOnly) &&
!csicommon.MountOptionContains(fuseMountOptions, readOnly) {
// #nosec - allow anyone to write inside the stagingtarget path
err = os.Chmod(stagingTargetPath, 0o777)
if err != nil {
log.ErrorLog(
ctx,
"failed to change stagingtarget path %s permission for volume %s: %v",
stagingTargetPath,
volID,
err)
uErr := mounter.UnmountVolume(ctx, stagingTargetPath)
if uErr != nil {
log.ErrorLog(
ctx,
"failed to umount stagingtarget path %s for volume %s: %v",
stagingTargetPath,
volID,
uErr)
}
return status.Error(codes.Internal, err.Error())
}
}
return nil return nil
} }
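Review bot: With `os.Chmod(stagingTargetPath, 0o777)` removed from the end of `mount`, nothing in the visible code documents who now owns the staging path's mode, and the commit carries no upgrade note. Because that chmod ran after the mount had succeeded (its failure path unmounts the volume), it presumably changed the mode of the volume's root directory itself, so volumes staged by earlier versions likely stay world-writable until their mode is reset; the commit does not address that. Non-root workloads that relied on the 0777 root will now depend on the CO applying ownership (for example Kubernetes `fsGroup`), which is worth stating in the release notes. I would add a comment before the final `return nil`, such as `// Staging path permissions are left untouched on purpose; ownership and mode are the CO's responsibility.` The body of `mount` starts outside the visible hunks.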