Merge pull request #98717 from mengjiao-liu/subpath-permission

fix VolumeMount permissions with subpaths only apply the right permsions to the last directory

pkg/volume/util/subpath/subpath_linux.go

@@ -433,13 +433,11 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
 		}
 		parentFD = childFD
 		childFD = -1
-	}
 
 		// Everything was created. mkdirat(..., perm) above was affected by current
-	// umask and we must apply the right permissions to the last directory
+		// umask and we must apply the right permissions to the all created directory.
 		// (that's the one that will be available to the container as subpath)
-	// so user can read/write it. This is the behavior of previous code.
+		// so user can read/write it.
-	// TODO: chmod all created directories, not just the last one.
 		// parentFD is the last created directory.
 
 		// Translate perm (os.FileMode) to uint32 that fchmod() expects
@@ -456,6 +454,8 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
 		if err = syscall.Fchmod(parentFD, kernelPerm); err != nil {
 			return fmt.Errorf("chmod %q failed: %s", currentPath, err)
 		}
+	}
+
 	return nil
 }
 

pkg/volume/util/subpath/subpath_linux_test.go

@@ -35,6 +35,7 @@ import (
 
 func TestSafeMakeDir(t *testing.T) {
 	defaultPerm := os.FileMode(0750) + os.ModeDir
+	maxPerm := os.FileMode(0777) + os.ModeDir
 	tests := []struct {
 		name string
 		// Function that prepares directory structure for the test under given
@@ -55,6 +56,16 @@ func TestSafeMakeDir(t *testing.T) {
 			defaultPerm,
 			false,
 		},
+		{
+			"all-created-subpath-directory-with-permissions",
+			func(base string) error {
+				return nil
+			},
+			"test/directory",
+			"test",
+			maxPerm,
+			false,
+		},
 		{
 			"directory-with-sgid",
 			func(base string) error {