mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
cephfs: do chmod on stagingpath
instead of doing chmod on the targetpath always do it once at the stagintpath. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
parent
4d11490a2b
commit
e1fd12fb29
@ -151,17 +151,22 @@ func (*NodeServer) mount(ctx context.Context, volOptions *volumeOptions, req *cs
|
|||||||
|
|
||||||
klog.V(4).Infof(util.Log(ctx, "cephfs: mounting volume %s with %s"), volID, m.name())
|
klog.V(4).Infof(util.Log(ctx, "cephfs: mounting volume %s with %s"), volID, m.name())
|
||||||
|
|
||||||
|
readOnly := "ro"
|
||||||
|
fuseMountOptions := strings.Split(volOptions.FuseMountOptions, ",")
|
||||||
|
kernelMountOptions := strings.Split(volOptions.KernelMountOptions, ",")
|
||||||
|
|
||||||
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
|
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
|
||||||
req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
|
req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
|
||||||
readOnly := "ro"
|
|
||||||
switch m.(type) {
|
switch m.(type) {
|
||||||
case *fuseMounter:
|
case *fuseMounter:
|
||||||
if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
|
if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
|
||||||
volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
|
volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
|
||||||
|
fuseMountOptions = append(fuseMountOptions, readOnly)
|
||||||
}
|
}
|
||||||
case *kernelMounter:
|
case *kernelMounter:
|
||||||
if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
|
if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
|
||||||
volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
|
volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
|
||||||
|
kernelMountOptions = append(kernelMountOptions, readOnly)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -173,6 +178,18 @@ func (*NodeServer) mount(ctx context.Context, volOptions *volumeOptions, req *cs
|
|||||||
err)
|
err)
|
||||||
return status.Error(codes.Internal, err.Error())
|
return status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
if !csicommon.MountOptionContains(kernelMountOptions, readOnly) && !csicommon.MountOptionContains(fuseMountOptions, readOnly) {
|
||||||
|
// #nosec - allow anyone to write inside the stagingtarget path
|
||||||
|
err = os.Chmod(stagingTargetPath, 0777)
|
||||||
|
if err != nil {
|
||||||
|
klog.Errorf(util.Log(ctx, "failed to change stagingtarget path %s permission for volume %s: %v"), stagingTargetPath, volID, err)
|
||||||
|
uErr := unmountVolume(ctx, stagingTargetPath)
|
||||||
|
if uErr != nil {
|
||||||
|
klog.Errorf(util.Log(ctx, "failed to umount stagingtarget path %s for volume %s: %v"), stagingTargetPath, volID, uErr)
|
||||||
|
}
|
||||||
|
return status.Error(codes.Internal, err.Error())
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -227,13 +244,6 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
|
|||||||
|
|
||||||
klog.V(4).Infof(util.Log(ctx, "cephfs: successfully bind-mounted volume %s to %s"), volID, targetPath)
|
klog.V(4).Infof(util.Log(ctx, "cephfs: successfully bind-mounted volume %s to %s"), volID, targetPath)
|
||||||
|
|
||||||
// #nosec - allow anyone to write inside the target path
|
|
||||||
err = os.Chmod(targetPath, 0777)
|
|
||||||
if err != nil {
|
|
||||||
klog.Errorf(util.Log(ctx, "failed to change targetpath permission for volume %s: %v"), volID, err)
|
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
return &csi.NodePublishVolumeResponse{}, nil
|
return &csi.NodePublishVolumeResponse{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user