Bug 1874215 - Restic does not respect the supplementalgroups of a namespace
Summary: Restic does not respect the supplementalgroups of a namespace
Keywords:
Status: CLOSED DUPLICATE of bug 1873641
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Migration Tooling
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.5.z
Assignee: John Matthews
QA Contact: Xin jiang
URL:
Whiteboard:
Depends On: 1873641 1881456
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-08-31 17:39 UTC by Erik Nelson
Modified: 2020-09-22 12:24 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1873641
Environment:
Last Closed: 2020-09-14 15:41:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Erik Nelson 2020-08-31 17:39:43 UTC 
+++ This bug was initially created as a clone of Bug #1873641 +++

Description of problem:

Restic does not appear to respect the supplementalgroups of a namespace (https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/pod_security_context.html#supplemental-groups)

After changing permissions on NFS side, can run stage with copy successfully, but should not be required as supplementalgroup is set on the nfs and the stage pod is respecting it.

Fails with the following error:
backup=openshift-migration/<backup_id> controller=pod-volume-backup error="fork/exec /usr/bin/restic: permission denied" error.file="/go/src/github.com/vmware-tanzu/velero/pkg/controller/pod_volume_backup_controller.go:280" error.function="github.com/vmware-tanzu/velero/pkg/controller.(*podVolumeBackupController).processBackup" logSource="pkg/controller/pod_volume_backup_controller.go:280" name=<backup_id> namespace=openshift-migration
Note You need to log in before you can comment on or make changes to this bug.