cephfs: dont set explicit permissions on the volume

At present we are node staging with worldwide permissions which is
not correct. We should allow the CO to take care of it and make
the decision. This commit also remove `fuseMountOptions` and
`KernelMountOptions` as they are no longer needed

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 8f6a7da538)
This commit is contained in:
Humble Chirammal 2022-02-08 09:36:24 +05:30 committed by mergify[bot]
parent 3338a1013b
commit cb09617437

View File

@ -164,8 +164,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name()) log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name())
readOnly := "ro" readOnly := "ro"
fuseMountOptions := strings.Split(volOptions.FuseMountOptions, ",")
kernelMountOptions := strings.Split(volOptions.KernelMountOptions, ",")
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY || if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY { req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
@ -173,12 +171,10 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
case *mounter.FuseMounter: case *mounter.FuseMounter:
if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) { if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly) volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
fuseMountOptions = append(fuseMountOptions, readOnly)
} }
case *mounter.KernelMounter: case *mounter.KernelMounter:
if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) { if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly) volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
kernelMountOptions = append(kernelMountOptions, readOnly)
} }
} }
} }
@ -191,30 +187,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
return status.Error(codes.Internal, err.Error()) return status.Error(codes.Internal, err.Error())
} }
if !csicommon.MountOptionContains(kernelMountOptions, readOnly) &&
!csicommon.MountOptionContains(fuseMountOptions, readOnly) {
// #nosec - allow anyone to write inside the stagingtarget path
err = os.Chmod(stagingTargetPath, 0o777)
if err != nil {
log.ErrorLog(
ctx,
"failed to change stagingtarget path %s permission for volume %s: %v",
stagingTargetPath,
volID,
err)
uErr := mounter.UnmountVolume(ctx, stagingTargetPath)
if uErr != nil {
log.ErrorLog(
ctx,
"failed to umount stagingtarget path %s for volume %s: %v",
stagingTargetPath,
volID,
uErr)
}
return status.Error(codes.Internal, err.Error())
}
}
return nil return nil
} }