Description of problem (please be detailed as possible and provide log
snippets):
- Cu has 2 ODF clusters, 4.11 and 4.12.
- The same spc_t container is not able to write/create folders to an ocs-storagecluster-cephfs mounted volume on ODF4.12 cluster as the permission is set to 755.
drwxr-xr-x. 5 root root 61 Feb 23 20:55 shared
- Whereas it works fine in 4.11 cluster as it gets mounted with global permission 777.
drwxrwxrwx. 9 root root 7 Feb 23 09:00 shared
- In 4.12 the same container with container security context
jsonpath='{.spec.securityContext}' | jq
{
  "runAsNonRoot": true,
  "runAsUser": 12574,
  "seLinuxOptions": {
    "type": "spc_t"
  }
}
is unable to create folders on it:
mkdir: cannot create directory ‘/domino/shared/heap_dumps/frontend’: Permission denied
- Ceph version is 16.2.10-94.el8cp and the storage is looking healthy
- issue seems similar to https://github.com/ceph/ceph-csi/pull/3204
- Cu relies on the global permissions 777 and needs a way to set the 777 permissions at a global level, like csi, operator, pv or pvc.
Version of all relevant components (if applicable):
ODF v4.12.0
Ceph 16.2.10-94.el8cp
Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Yes, all of the containers that mount the volume have the securityContext, so they all fail to create directories on the mount.
Is there any workaround available to the best of your knowledge? No
Is this issue reproducible?
Yes
Steps to Reproduce:
1. OCP 4.12, with ODF 4.12, create a pv with ocs-storagecluster-cephfs sc
2. create a pod with the security context specified
3. have the pod attempt to create a folder in the mounted drive.
Actual results:
Unable to write to the volume
Expected results:
Containers can create/write to the vol mount
Additional info: ODF m-g is uploaded to supportshell under ~/03446639
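The permission check behind the `mkdir` failure reported above, as an added example (not part of the original report and not ODF or Ceph-CSI code): it parses the two `ls` lines quoted in the report and applies the POSIX owner/group/other rule for UID 12574. The mapping of `root` to id 0 and the two supplementary-group sets tried are assumptions; SELinux and capabilities are not modelled.

```python
# Constructed from the two `ls` lines and the securityContext quoted in the report.
LS_412 = "drwxr-xr-x. 5 root root 61 Feb 23 20:55 shared"
LS_411 = "drwxrwxrwx. 9 root root 7 Feb 23 09:00 shared"
POD_UID = 12574
NAME_TO_ID = {"root": 0}  # assumption: names printed by ls map to these ids


def parse_ls_line(line):
    """Return (mode_bits, owner_uid, owner_gid) from one `ls -l` line."""
    fields = line.split()
    perms = fields[0][1:10]  # skip the type char; ignore trailing '.'/'+' marker
    mode = 0
    for i, ch in enumerate(perms):
        if ch in "rwxst":  # 'S'/'T' mean the execute bit is clear
            mode |= 1 << (8 - i)
    return mode, NAME_TO_ID[fields[2]], NAME_TO_ID[fields[3]]


def can_create_entry(mode, dir_uid, dir_gid, uid, gids):
    """POSIX DAC check for creating a name in a directory (needs write + search).

    Exactly one class applies: owner, else group, else other. Capabilities
    (root's CAP_DAC_OVERRIDE) and SELinux are not modelled.
    """
    if uid == dir_uid:
        shift = 6
    elif dir_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((mode >> shift) & 0o3) == 0o3


def evaluate(ls_line, uid=POD_UID):
    """Check both plausible group situations for a pod that sets only runAsUser."""
    mode, d_uid, d_gid = parse_ls_line(ls_line)
    return {
        "mode": oct(mode),
        "with_gid_0": can_create_entry(mode, d_uid, d_gid, uid, {0}),
        "without_gid_0": can_create_entry(mode, d_uid, d_gid, uid, {uid}),
    }


if __name__ == "__main__":
    for label, line in (("4.12", LS_412), ("4.11", LS_411)):
        print(label, evaluate(line))
```

With the 755 root-owned directory the check fails whether or not the process is in group 0, because neither the group nor the other class carries the write bit.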