2149409 – HPP mounter deployment can't mount as unprivileged

Bug 2149409 - HPP mounter deployment can't mount as unprivileged

Summary: HPP mounter deployment can't mount as unprivileged

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.12.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.12.1
Assignee:	Alexander Wels
QA Contact:	Yan Du
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-11-29 20:03 UTC by Alex Kalenyuk
Modified:	2023-08-08 10:31 UTC (History)
CC List:	3 users (show)
Fixed In Version:	CNV v4.12.0-779
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubevirt hostpath-provisioner-operator pull 278	None	Merged	Change mounter pod to run as root	2022-12-19 11:50:18 UTC
Github	kubevirt hostpath-provisioner-operator pull 281	None	Merged	[release-v0.14] Change mounter pod to run as root	2023-02-01 13:23:56 UTC
Github	kubevirt hostpath-provisioner-operator pull 282	None	Merged	[release-v0.13] Change mounter pod to run as root	2023-02-01 13:23:56 UTC
Red Hat Issue Tracker	CNV-22994	None	None	None	2022-11-29 20:12:52 UTC

Description Alex Kalenyuk 2022-11-29 20:03:52 UTC

Description of problem:
Mounter is running as USER 1000 and thus cannot perform the mount operation

Version-Release number of selected component (if applicable):
CNV 4.12.0

How reproducible:
100%

Steps to Reproduce:
1. Install HPP
2.
3.

Actual results:
Failed mounting "Output","out":"mount: only root can do that\n"

Expected results:
Mounter succeeds mounting

Additional info:
{"level":"error","ts":1669748871.4062114,"logger":"mounter","msg":"failed to mount device to path on host.","error":"exit status 1","stacktrace":"main.mountBlockVolume\n\t/home/prow/go/src/github.com/kubevirt/hostpath-provisioner-operator/cmd/mounter/main.go:256\nmain.main\n\t/home/prow/go/src/github.com/kubevirt/hostpath-provisioner-operator/cmd/mounter/main.go:161\nruntime.main\n\t/root/.gimme/versions/go1.18.2.linux.amd64/src/runtime/proc.go:250"}
{"level":"info","ts":1669748871.4063103,"logger":"mounter","msg":"Output","out":"mount: only root can do that\n"}

Comment 2 Yan Du 2023-02-13 10:18:00 UTC

Test on CNV-v4.12.1-40

not see the mount error in hostpath-provisioner-operator and hpp-pool pods.
and mounter runs as root
sh-4.4# id
uid=0(root) gid=0(root) groups=0(root)

Note You need to log in before you can comment on or make changes to this bug.