Description of problem:
Permission denied when writing to the directory where the AWS EBS volume is mounted

Version-Release number of selected component (if applicable):
oc v1.0.6-328-gdf1f19e
kubernetes v1.1.0-alpha.1-653-g86b4e77

How reproducible:
always

Steps to Reproduce:
1. Create a pod

apiVersion: v1
kind: Pod
metadata:
  name: aws-web
spec:
  containers:
    - name: web
      image: jhou/hello-openshift
      ports:
        - name: web
          containerPort: 80
          protocol: tcp
      volumeMounts:
        - name: html-volume
          mountPath: "/usr/share/nginx/html"
  volumes:
    - name: html-volume
      awsElasticBlockStore:
        volumeID: aws://us-east-1d/vol-dabedb20
        fsType: ext4

[root@ip-172-18-12-131 ~]# oc get pods
NAME      READY     STATUS    RESTARTS   AGE
aws-web   1/1       Running   0          26m

2. Set SELinux to permissive

setenforce 0

3. Check the write permission

[root@ip-172-18-12-131 ~]# oc exec aws-web -ti -- bash
bash-4.2$ touch /usr/share/nginx/html/file1
touch: cannot touch '/usr/share/nginx/html/file1': Permission denied

Actual results:
Could not write to the directory where the AWS EBS volume is mounted

Expected results:
Should have write permission

Additional info:
"read" permission is correct
Please provide the following:

oc exec aws-web id

and

ls -Zd <path to where the disk is mounted on the host>

It is likely that the user in the container does not match the owner of the device, in which case this is not a bug.
Hi, see the results below:

bash-4.2$ ls -Zd /usr/share/nginx/html/
drwxrwsr-x. root 1000020000 system_u:object_r:svirt_sandbox_file_t:s0:c0,c5 /usr/share/nginx/html/

[root@ip-172-18-9-96 ~]# oc exec aws-web id
uid=1000020000 gid=0(root)
Okay, so this is not a bug. The volume is owned by root, but the user inside the container is 1000020000. Either change the volume owner to 1000020000 or add the group from the volume (which also happens to be 1000020000) as a SupplementalGroup.
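The ownership mismatch diagnosed in this thread can be checked mechanically. The following is an added example, not part of the original comments or of OpenShift: it applies the classic POSIX owner/group/other selection to the `ls -Zd` and `id` output posted above. The function names are hypothetical, the `id` line with a `groups=` field is constructed, ACLs and SELinux are not modelled, and uid 0 is assumed to hold CAP_DAC_OVERRIDE.

```python
import re

def parse_mode(mode):
    """Split an ls-style mode such as 'drwxrwsr-x.' into (owner, group, other) triplets."""
    m = re.fullmatch(
        r"[-dlbcps]([-r][-w][-xsS])([-r][-w][-xsS])([-r][-w][-xtT])[.+@]?", mode)
    if not m:
        raise ValueError(f"unrecognised mode string: {mode!r}")
    return m.groups()

def parse_id(output):
    """Extract uid, gid and the set of supplemental group ids from `id` output."""
    uid = int(re.search(r"uid=(\d+)", output).group(1))
    gid = int(re.search(r"gid=(\d+)", output).group(1))
    field = re.search(r"groups=(\S+)", output)
    groups = set()
    if field:
        # entries look like '0(root)' or a bare number such as '1000020000'
        groups = {int(g.split("(")[0]) for g in field.group(1).split(",")}
    return uid, gid, groups

def write_class(mode, owner_uid, group_gid, id_output):
    """Return (permission class that applies, whether it grants write)."""
    owner, group, other = parse_mode(mode)
    uid, gid, groups = parse_id(id_output)
    if uid == 0:
        # Assumption: root in the container still holds CAP_DAC_OVERRIDE.
        return "root", True
    # Exactly one class applies, checked in this order; a matching owner
    # never falls through to the group or other bits.
    if uid == owner_uid:
        cls, bits = "owner", owner
    elif group_gid == gid or group_gid in groups:
        cls, bits = "group", group
    else:
        cls, bits = "other", other
    return cls, bits[1] == "w"

# Values taken from the thread: directory is root:1000020000, mode drwxrwsr-x.
MODE, OWNER_UID, GROUP_GID = "drwxrwsr-x.", 0, 1000020000
REPORTED_ID = "uid=1000020000 gid=0(root)"
# Constructed: what `id` would show once 1000020000 is a supplemental group.
FIXED_ID = "uid=1000020000 gid=0(root) groups=0(root),1000020000"

if __name__ == "__main__":
    print(write_class(MODE, OWNER_UID, GROUP_GID, REPORTED_ID))
    print(write_class(MODE, OWNER_UID, GROUP_GID, FIXED_ID))
    # Alternative fix from the thread: chown the volume to the container uid.
    print(write_class(MODE, 1000020000, GROUP_GID, REPORTED_ID))
```

With the reported values the process falls into the "other" class (r-x), which is why reads succeed and `touch` fails even with SELinux set to permissive.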