move to privsep broke nas_secure_file_* options for Quobyte driver
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Cinder |
Undecided
|
Silvan Kaiser | ||
Bug Description
In change [1] file operations in the remotefs driver were moved to privsep, slightly changing the behaviour in the image and info file creation process.
Prior to the change the files were created through the driver by the user specified by the current driver config (run_as_
The issue arises when the driver creates a new image or info file as user root (privsep) and afterwards tries to run a chmod command to set the permissions. The chmod command is run by the configured service user (e.g. 'cinder' if nas_secure_
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
Mar 04 09:22:37 manualcinderci cinder-
We need to ensure that the file is set the required owner and permissions without running into permission denied issues.
| Changed in cinder: | |
| assignee: | nobody → Silvan Kaiser (2-silvan) |
| Changed in cinder: | |
| status: | New → In Progress |
Related fix proposed to branch: master
Review: https:/
| OpenStack Infra (hudson-openstack) wrote : | #3 |
Related fix proposed to branch: master
Review: https:/
Change abandoned by Silvan Kaiser (<email address hidden>) on branch: master
Review: https:/
Reason: @Eric: Reverts are fine with me, thanks for the reverts
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit f5a733c084dfb3d
Author: Eric Harney <email address hidden>
Date: Wed Mar 6 10:07:04 2019 -0500
Revert "Use native python truncate for privsep"
This reverts commit 2e292ddeb4148e1
Related-Bug: #1818504
Change-Id: I3df664d16ed8af
| OpenStack Infra (hudson-openstack) wrote : | #6 |
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit ade7d89c2e9eb31
Author: Eric Harney <email address hidden>
Date: Wed Mar 6 10:07:16 2019 -0500
Revert "Remove truncate from rootwrap filters"
This reverts commit a62c9dfdd41ab0b
This did not account for cases where truncate is
called w/o elevated privileges.
Related-Bug: #1818504
Change-Id: I3cb85be854e68f
Fix proposed to branch: master
Review: https:/