mirror of
https://github.com/ceph/ceph-csi.git
cephfs: dont set explicit permissions on the volume
At present we node-stage the volume with world-writable permissions, which is not correct. We should let the CO take care of it and make the decision. This commit also removes `fuseMountOptions` and `KernelMountOptions`, as they are no longer needed.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
parent
c0e70ca8cb
commit
8f6a7da538
@ -164,8 +164,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
|
|||||||
log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name())
|
log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name())
|
||||||
|
|
||||||
readOnly := "ro"
|
readOnly := "ro"
|
||||||
fuseMountOptions := strings.Split(volOptions.FuseMountOptions, ",")
|
|
||||||
kernelMountOptions := strings.Split(volOptions.KernelMountOptions, ",")
|
|
||||||
|
|
||||||
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
|
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
|
||||||
req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
|
req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
|
||||||
@ -173,12 +171,10 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
|
|||||||
case *mounter.FuseMounter:
|
case *mounter.FuseMounter:
|
||||||
if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
|
if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
|
||||||
volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
|
volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
|
||||||
fuseMountOptions = append(fuseMountOptions, readOnly)
|
|
||||||
}
|
}
|
||||||
case *mounter.KernelMounter:
|
case *mounter.KernelMounter:
|
||||||
if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
|
if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
|
||||||
volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
|
volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
|
||||||
kernelMountOptions = append(kernelMountOptions, readOnly)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -191,30 +187,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
|
|||||||
|
|
||||||
return status.Error(codes.Internal, err.Error())
|
return status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
if !csicommon.MountOptionContains(kernelMountOptions, readOnly) &&
|
|
||||||
!csicommon.MountOptionContains(fuseMountOptions, readOnly) {
|
|
||||||
// #nosec - allow anyone to write inside the stagingtarget path
|
|
||||||
err = os.Chmod(stagingTargetPath, 0o777)
|
|
||||||
if err != nil {
|
|
||||||
log.ErrorLog(
|
|
||||||
ctx,
|
|
||||||
"failed to change stagingtarget path %s permission for volume %s: %v",
|
|
||||||
stagingTargetPath,
|
|
||||||
volID,
|
|
||||||
err)
|
|
||||||
uErr := mounter.UnmountVolume(ctx, stagingTargetPath)
|
|
||||||
if uErr != nil {
|
|
||||||
log.ErrorLog(
|
|
||||||
ctx,
|
|
||||||
"failed to umount stagingtarget path %s for volume %s: %v",
|
|
||||||
stagingTargetPath,
|
|
||||||
volID,
|
|
||||||
uErr)
|
|
||||||
}
|
|
||||||
|
|
||||||
return status.Error(codes.Internal, err.Error())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
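Review bot: In the third hunk the tail of `mount` (whose start lies outside the visible hunks) now goes from the mount-error return straight to `return nil`, and nothing in the new code records that staging-path permissions are deliberately left to the CO. I would add a comment before `return nil`, for example `// stagingTargetPath permissions are intentionally left untouched; the CO applies ownership/mode (e.g. via fsGroup).` The removed `os.Chmod(stagingTargetPath, 0o777)` ran after a successful mount, so it presumably changed the mode of the CephFS volume root itself; if so, volumes staged by earlier versions keep 0777 and this change alone does not tighten them, which is worth confirming and stating in the release notes. Non-root workloads that relied on the world-writable mode will need the CO to set ownership, and the page does not show whether the driver's `fsGroupPolicy` is configured for that.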