Bug 1725254

Summary: Ceph NFS container runs as a privileged container in TripleO
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Goutham Pacha Ravi <gouthamr>
Component: Ceph-Ansible
Assignee: Guillaume Abrioux <gabrioux>
Status: CLOSED WONTFIX
QA Contact: Vasishta <vashastr>
Severity: medium
Docs Contact:
Priority: medium
Version: 4.0
CC: aschoen, ceph-eng-bugs, ealcaniz, gabrioux, gcharot, gfidente, gmeno, jgrosso, mburns, nthomas, pasik, vimartin
Target Milestone: rc
Keywords: Triaged
Target Release: 4.1
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1725251
Environment:
Last Closed: 2020-01-02 13:18:43 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1760354

Description Goutham Pacha Ravi 2019-06-28 20:43:27 UTC
Description of problem:

The ceph-nfs container runs nfs-ganesha to support the CephFS FSAL and provide NFS shared file systems through openstack-manila. It uses the host's dbus socket and accepts commands over this socket from the CephFS via NFS driver in openstack-manila. 

This container does not need to be run as a privileged process. Please see a discussion here https://github.com/ceph/ceph-ansible/blob/f49090df7ef82419c69dfd7a22250a79c17de42f/roles/ceph-nfs/templates/ceph-nfs.service.j2#L21
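
An added example, not part of the original report or of the ceph-ansible code: a Python check that parses the `Exec*` lines of a rendered systemd unit and reports whether the container is started with `--privileged`, with added capabilities, or with the host D-Bus socket mounted. The unit text, container name and image below are constructed for illustration.

```python
import shlex

# Constructed sample of a rendered unit; not the project's actual template output.
SAMPLE_UNIT = """\
[Service]
ExecStartPre=-/usr/bin/podman rm ceph-nfs-sample
ExecStart=/usr/bin/podman run --rm --net=host \\
  --privileged=true \\
  -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \\
  --name=ceph-nfs-sample registry.example/ceph:placeholder
"""

def exec_commands(unit_text):
    """Yield (directive, argv) for each Exec* line, joining '\\' continuations."""
    joined = unit_text.replace("\\\n", " ")
    for line in joined.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("Exec"):
            # systemd prefixes such as '-', '@', '+', '!' precede the binary path
            yield key.strip(), shlex.split(value.strip().lstrip("-@+!:"))

def audit_container_run(argv):
    """Return findings for a docker/podman 'run' argument vector."""
    findings = []
    if "run" not in argv[1:3]:
        return findings
    for i, arg in enumerate(argv):
        flag, _, val = arg.partition("=")
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if flag == "--privileged" and val.lower() not in ("false", "f", "0"):
            findings.append("privileged")
        elif flag == "--cap-add":
            findings.append("cap-add:" + (val or nxt))
        elif flag in ("-v", "--volume"):
            src = (val or nxt).split(":")[0]
            if "dbus" in src:
                findings.append("dbus-socket:" + src)
    return findings

def audit_unit(unit_text):
    """Return [(directive, findings)] for every Exec* line that has findings."""
    results = []
    for directive, argv in exec_commands(unit_text):
        findings = audit_container_run(argv)
        if findings:
            results.append((directive, findings))
    return results

if __name__ == "__main__":
    for directive, findings in audit_unit(SAMPLE_UNIT):
        print(directive, findings)
```

A unit that still reports `dbus-socket` but no longer reports `privileged` keeps the host socket access the description says the driver relies on while dropping the blanket privilege.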