fix: mount options for fsGroup delegation must ensure RWX for the group #848
Commits on Sep 13, 2024
-
fix: mount options for fsGroup delegation must ensure RWX for the group
If user sets `fsGroup: <gid>` in Pod's spec.securityContext, kubelet delegate fsGroup to CSI Driver, and NodeStageVolume() adds `gid=<gid>` to mount options. This might be not enough to make volume writable for the user: ``` $ kubectl exec fedora -- ls -ld /mnt/claim drwxr-xr-x. 2 root 1002 0 Sep 13 12:04 /mnt/claim $ kubectl exec fedora -- touch /mnt/claim/FILE touch: cannot touch '/mnt/claim/FILE': Permission denied ``` See kubernetes-csi#835
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.