From 695b30e91c40e1932470f40ab71496089cfd777c Mon Sep 17 00:00:00 2001
From: Rodrigo Campos
Date: Wed, 3 Aug 2022 17:18:56 +0200
Subject: [PATCH] volume: use GetHostIDsForPod()
This commit only changes the UID/GID if user namespaces is enabled. When it is enabled, it changes it so the hostUID and hostGID that are mapped to the currently used UID/GID. This is needed so volumes are created with the hostUID/hostGID and the user inside the container can read them. If user namespaces are disabled for this pod, this is a no-op: there is no user namespace mapping, so the hostUID/hostGID are the same as inside the container.
Signed-off-by: Rodrigo Campos
---
.../operationexecutor/operation_generator.go | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/pkg/volume/util/operationexecutor/operation_generator.go b/pkg/volume/util/operationexecutor/operation_generator.go
index fe04932c4dd..6237755bbdb 100644
--- a/pkg/volume/util/operationexecutor/operation_generator.go
+++ b/pkg/volume/util/operationexecutor/operation_generator.go
@@ -669,10 +669,23 @@ func (og *operationGenerator) GenerateMountVolumeFunc(
 resizeOptions.DeviceStagePath = deviceMountPath
 }
+ kvh, ok := og.GetVolumePluginMgr().Host.(volume.KubeletVolumeHost)
+ if !ok {
+ eventErr, detailedErr := volumeToMount.GenerateError("MountVolume type assertion error", fmt.Errorf("volume host does not implement KubeletVolumeHost interface"))
+ return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
+ }
+ uid := util.FsUserFrom(volumeToMount.Pod)
+ hostUID, hostGID, err := kvh.GetHostIDsForPod(volumeToMount.Pod, uid, fsGroup)
+ if err != nil {
+ msg := fmt.Sprintf("MountVolume.GetHostIDsForPod failed to find host ID in user namespace (UID: %v GID: %v)", uid, fsGroup)
+ eventErr, detailedErr := volumeToMount.GenerateError(msg, err)
+ return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
+ }
+ // Execute mount
 mountErr := volumeMounter.SetUp(volume.MounterArgs{
- FsUser: util.FsUserFrom(volumeToMount.Pod),
- FsGroup: fsGroup,
+ FsUser: hostUID,
+ FsGroup: hostGID,
 DesiredSize: volumeToMount.DesiredSizeLimit,
 FSGroupChangePolicy: fsGroupChangePolicy,
 })
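Review bot: The failure message in the `if err != nil` branch formats `uid` and `fsGroup` with `%v`; if these are pointer types (the values handed to `MounterArgs.FsUser`/`FsGroup` look like `*int64`), the event will show addresses instead of the IDs that failed to map. Those IDs are what an operator needs when a user-namespace mapping fails, so dereference them behind a nil guard before formatting. Separately, the `KubeletVolumeHost` assertion now fails the mount for every pod, not only pods with user namespaces enabled, although the description calls the disabled case a no-op. A short comment above it, such as `// MountVolume only runs in the kubelet, so the host must be a KubeletVolumeHost; fail closed otherwise.`, would record that assumption. The enclosing function starts and ends outside this hunk, so callers and the declaration of `fsGroup` are not visible here.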