Bug 1271611
| Summary: | Permission denied when write to the dir for aws ebs volume mounted with selinux is permissive | | |
|---|---|---|---|
| Product: | OKD | Reporter: | Chao Yang <chaoyang> |
| Component: | Storage | Assignee: | Sami Wagiaalla <swagiaal> |
| Status: | CLOSED NOTABUG | QA Contact: | Liang Xia <lxia> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 3.x | CC: | aos-bugs, bchilds, chaoyang, mmcgrath |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-11-02 15:29:32 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Chao Yang
2015-10-14 11:30:49 UTC
Please provide the following: `oc exec aws-web id` and `ls -Zd <path to where the disk is mounted on the host>`

It is likely that the user in the container does not match the owner of the device, in which case this is not a bug.

Hi, see the results like below:

```
bash-4.2$ ls -Zd /usr/share/nginx/html/
drwxrwsr-x. root 1000020000 system_u:object_r:svirt_sandbox_file_t:s0:c0,c5 /usr/share/nginx/html/
[root@ip-172-18-9-96 ~]# oc exec aws-web id
uid=1000020000 gid=0(root)
```

Okay so this is not a bug. The volume is owned by root, but the user inside the container is 1000020000. Either change the volume owner to 1000020000 or add the group from the volume (which also happens to be 1000020000) as a SupplementalGroup.
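
The diagnosis in the closing comment can be reproduced from the two command outputs quoted in the thread by applying the owner, then group, then other permission rule. The Python below is an added example, not part of the bug report or of OpenShift; the function names, the `root` name-to-id map and the `ID_FIXED` line (a constructed `id` output with the group added) are assumptions for illustration.

```python
import re

def parse_ls(line):
    """Return (mode, owner, group) from an `ls -Zd` line as quoted in the thread."""
    mode, owner, group = line.split()[:3]
    return mode.rstrip(".+"), owner, group  # drop the trailing SELinux/ACL marker

def parse_id(line):
    """Return (uid, set of gids) from `id` output, dropping the (name) suffixes."""
    fields = dict(f.split("=", 1) for f in line.split())
    num = lambda s: re.sub(r"\(.*?\)", "", s)
    gids = {num(fields["gid"])}
    gids.update(num(g) for g in fields.get("groups", "").split(",") if g)
    return num(fields["uid"]), gids

def diagnose(ls_line, id_line, names=None):
    """Apply the owner -> group -> other rule for a non-root process."""
    names = names or {"root": "0"}  # assumption: only root needs name->id mapping
    mode, owner, group = parse_ls(ls_line)
    owner, group = names.get(owner, owner), names.get(group, group)
    uid, gids = parse_id(id_line)
    if uid == owner:
        cls, bits = "owner", mode[1:4]
    elif group in gids:
        cls, bits = "group", mode[4:7]
    else:
        cls, bits = "other", mode[7:10]
    writable = "w" in bits
    # Suggest the supplemental-group fix only if the group bits actually grant write.
    fix = group if not writable and cls == "other" and "w" in mode[4:7] else None
    return {"class": cls, "writable": writable, "add_group": fix}

# Outputs copied from the bug report.
LS_LINE = ("drwxrwsr-x. root 1000020000 "
           "system_u:object_r:svirt_sandbox_file_t:s0:c0,c5 /usr/share/nginx/html/")
ID_LINE = "uid=1000020000 gid=0(root)"
# Constructed: what `id` would report once the group is added as supplemental.
ID_FIXED = "uid=1000020000 gid=0(root) groups=0(root),1000020000"

if __name__ == "__main__":
    print(diagnose(LS_LINE, ID_LINE))
    print(diagnose(LS_LINE, ID_FIXED))
```

With the reported outputs the process falls into the "other" class (`r-x`), so the write is refused by ordinary file permissions regardless of the SELinux mode.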