fix permissions when using fsGroup #37009
Conversation
k8s-github-robot
added
size/XS
|
Jenkins GCI GCE e2e failed for commit a349fa7. Full PR test history. The magic incantation to run this job again is |
|
@k8s-bot gci gce e2e test this |
pmorie
added
sig/storage
|
I think this fix is good, but we need to encode some context about why it is okay to skip symlinks. Remember, this code might also run against any number of block device-provided volumes, so we need a broad understanding of why the code is the way it is to be communicated with this change as comments. |
|
test case? |
|
Yes, this needs E2E coverage added for configmap/secret/downward API |
|
cc @kubernetes/sig-storage |
|
@saad-ali -- i would like this to be a cherry-pick for 1.5 once a test case is added. |
derekwaynecarr
added
release-note
k8s-github-robot
added
size/M
sjenning
force-pushed
the
fix-perms-with-fsgroup
branch
from
63314ed
to
f898967
Compare
|
@derekwaynecarr @pmorie added comments and e2e tests |
The issue it is fixing, was it introduced in 1.5? How bad is the issue it is fixing, can we ship 1.5 with it? How risky is the fix to the rest of the 1.5 release? |
|
@saad-ali it isn't risky as chowning/chmoding symlinks was only corrupting the mode of underlying files before this PR. I'm not sure when it was introduced exactly but it predates the 1.5 cycle. |
|
This has been an issue since 1.3 afaict On Friday, November 18, 2016, Seth Jennings notifications@github.com
|
Ack. Ok for post-code freeze merge. As an FYI, last chance for automatic merge to 1.5 branch will Nov 23 10 AM PST. At that point: https://groups.google.com/forum/#!topic/kubernetes-dev/n-vqlX-HHSM |
|
@pmorie bump |
| @@ -51,6 +51,17 @@ func SetVolumeOwnership(mounter Mounter, fsGroup *int64) error { | |||
| return err | |||
| } | |||
|
|
|||
| // chown and chmod pass through to the underlying file for symlinks. | |||
There was a problem hiding this comment.
weird rendering error, disregard
| @@ -41,6 +41,11 @@ var _ = framework.KubeDescribe("ConfigMap", func() { | |||
| doConfigMapE2EWithoutMappings(f, 0, 0, &defaultMode) | |||
| }) | |||
|
|
|||
| It("should be consumable from pods in volume with defaultMode and fsGroup set [Conformance]", func() { | |||
There was a problem hiding this comment.
how about a test for non-root, default mode, and fsgroup?
There was a problem hiding this comment.
after thinking about it, this should probably be a non-root only test
| doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()), nil) | ||
| }) | ||
|
|
||
| It("should be consumable from pods in volume with defaultMode and fsGroup set [Conformance]", func() { |
There was a problem hiding this comment.
same comment for secrets -- i'd like to see nonroot, fsgroup, and default mode in a test case.
sjenning
force-pushed
the
fix-perms-with-fsgroup
branch
from
f898967
to
51ae5a3
Compare
pmorie
added
the
lgtm
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
Jenkins unit/integration failed for commit 51ae5a3. Full PR test history. The magic incantation to run this job again is |
|
Automatic merge from submit-queue (batch tested with PRs 38294, 37009, 36778, 38130, 37835) |
Automatic merge from submit-queue (batch tested with PRs 38294, 37009, 36778, 38130, 37835) fix permissions when using fsGroup Currently, when an fsGroup is specified, the permissions of the defaultMode are not respected and all files created by the atomic writer have mode 777. This is because in `SetVolumeOwnership()` the `filepath.Walk` includes the symlinks created by the atomic writer. The symlinks have mode 777 when read from `info.Mode()`. However, when the are chmod'ed later, the chmod applies to the file the symlink points to, not the symlink itself, resulting in the wrong mode for the underlying file. This PR skips chmod/chown for symlinks in the walk since those operations are carried out on the underlying file which will be included elsewhere in the walk. xref https://bugzilla.redhat.com/show_bug.cgi?id=1384458 @derekwaynecarr @pmorie
saad-ali
added
the
cherry-pick-approved
#38276-#37009-upstream-release-1.5 Automatic merge from submit-queue Automated cherry pick of #37594 #38276 #37009 upstream release 1.5 Batch cherry pick PRs #37594 #38276 #37009 from master to release-1.5 branch. PR #37009 had merge conflicts that needed to be resolved. CC Original PR Authors: @thockin @mbohlool @mwielgus @sjenning
|
Commit found in the "release-1.5" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
Currently, when an fsGroup is specified, the permissions of the defaultMode are not respected and all files created by the atomic writer have mode 777. This is because in
SetVolumeOwnership()thefilepath.Walkincludes the symlinks created by the atomic writer. The symlinks have mode 777 when read frominfo.Mode(). However, when they are chmod'ed later, the chmod applies to the file the symlink points to, not the symlink itself, resulting in the wrong mode for the underlying file.This PR skips chmod/chown for symlinks in the walk since those operations are carried out on the underlying file which will be included elsewhere in the walk.
xref https://bugzilla.redhat.com/show_bug.cgi?id=1384458
@derekwaynecarr @pmorie
This change is