New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix creation of subpath with SUID/SGID directories. #61284

Merged
merged 2 commits into from Mar 16, 2018

Conversation

@jsafrane
Member

jsafrane commented Mar 16, 2018

SafeMakeDir() should apply SUID/SGID/sticky bits to the directory it creates.

Fixes #61283

Release note:

NONE
Fix creation of subpath with SUID/SGID directories.
SafeMakeDir() should apply SUID/SGID/sticky bits to the directory it creates.
@jsafrane

This comment has been minimized.

Member

jsafrane commented Mar 16, 2018

/retest

@jsafrane

This comment has been minimized.

Member

jsafrane commented Mar 16, 2018

There is e2e test that's supposed to watch for this kind of bugs, but:

  1. the test is not enabled by default.
  2. even if it was, it checks only for permissions without suid/sgid bits

Both can be relatively easily fixed, I'll look at it either tomorrow or on Monday. Ping @gnufied (EDT timezone) if this is urgently needed.

@k8s-ci-robot k8s-ci-robot removed the approved label Mar 16, 2018

@gnufied

This comment has been minimized.

Member

gnufied commented Mar 16, 2018

@liggitt I have update e2e tests to have clear failure in absence of setgid bits . PTAL

@saad-ali

This comment has been minimized.

Member

saad-ali commented Mar 16, 2018

/aprove

@saad-ali

/lgtm

@k8s-ci-robot

This comment has been minimized.

Contributor

k8s-ci-robot commented Mar 16, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsafrane, saad-ali

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jdumars

This comment has been minimized.

Member

jdumars commented Mar 16, 2018

@saad-ali want me to get this merged? If so, I'll add SIG-Storage and put it in the milestone.

@liggitt

This comment has been minimized.

Member

liggitt commented Mar 16, 2018

/sig storage
/milestone v1.10

will leave milestone approval up to @saad-ali / @childsb

@k8s-ci-robot k8s-ci-robot added this to the v1.10 milestone Mar 16, 2018

@liggitt

This comment has been minimized.

Member

liggitt commented Mar 16, 2018

/kind bug
/priority critical-urgent
(critical because this is a regression from 1.9)

@childsb

This comment has been minimized.

Member

childsb commented Mar 16, 2018

/status approved-for-milestone

@k8s-merge-robot

This comment has been minimized.

Contributor

k8s-merge-robot commented Mar 16, 2018

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@jsafrane @saad-ali

Pull Request Labels
  • sig/storage: Pull Request will be escalated to these SIGs if needed.
  • priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
  • kind/bug: Fixes a bug discovered during the current release.
Help
@k8s-cherrypick-bot

This comment has been minimized.

k8s-cherrypick-bot commented Mar 16, 2018

Removing label cherrypick-candidate because no release milestone was set. This is an invalid state and thus this PR is not being considered for cherry-pick to any release branch. Please add an appropriate release milestone and then re-add the label.

@k8s-merge-robot

This comment has been minimized.

Contributor

k8s-merge-robot commented Mar 16, 2018

Automatic merge from submit-queue (batch tested with PRs 61284, 61119, 61201). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-merge-robot k8s-merge-robot merged commit f125152 into kubernetes:master Mar 16, 2018

14 checks passed

Submit Queue Queued to run github e2e tests a second time.
Details
cla/linuxfoundation gnufied authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
Details
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce Job succeeded.
Details
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details

k8s-merge-robot added a commit that referenced this pull request Mar 22, 2018

Merge pull request #61310 from rootfs/automated-cherry-pick-of-#61284-…
…upstream-release-1.7

Automatic merge from submit-queue.

Automated cherry pick of #61284 upstream release 1.7

**What this PR does / why we need it**:
cherrypick #61284 into 1.7
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61283

**Special notes for your reviewer**:
@jsafrane @liggitt 
**Release note**:
```release-note
Fix a regression preventing subpath mounts in pods using fsGroup from having set-GID bits set properly
```

k8s-merge-robot added a commit that referenced this pull request Mar 26, 2018

Merge pull request #61308 from rootfs/automated-cherry-pick-of-#61284-…
…upstream-release-1.9

Automatic merge from submit-queue.

Automated cherry pick of #61284 upstream release 1.9

**What this PR does / why we need it**:
cherrypick #61824 into 1.9
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61283

**Special notes for your reviewer**:
@jsafrane @liggitt 
**Release note**:

```release-note
Fix a regression preventing subpath mounts in pods using fsGroup from having set-GID bits set properly
```

k8s-merge-robot added a commit that referenced this pull request Mar 27, 2018

Merge pull request #61309 from rootfs/automated-cherry-pick-of-#61284-…
…upstream-release-1.8

Automatic merge from submit-queue.

Automated cherry pick of #61284 upstream release 1.8

**What this PR does / why we need it**:
cherrypick #61284 into 1.8
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
@jsafrane @liggitt 
**Release note**:
```release-note
Fix a regression preventing subpath mounts in pods using fsGroup from having set-GID bits set properly
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment