snapd

kubectl cannot access NFS directory

Bug #1831955 reported by Andy McCallum
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Expired
Undecided
Unassigned

Bug Description

Whenever the current directory is an NFS directory the following error occurs:

andy@arwen:/andy/testing/end2end$ kubectl
cannot open path of the current working directory: Permission denied

kubectl does not have a problem when the current directory is the user local directory.

This is a problem for:
  stable: 1.14.2 2019-05-22 (997) 10MB classic

and:
  candidate: 1.14.3 2019-06-07 (1014) 10MB classic

Revision history for this message
Mike Royal (maos20008) wrote :

This may help. https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client

Revision history for this message
Andy McCallum (mandoonandy) wrote :

Thanks for your help Mike, but that is not relevant.

This is a problem related to Snap configuration on a Ubuntu local machine. (Not NFS access from within a Kubernetes container.)

Running kubectl from a Snap is broken when the current working directory is on an NFS mount. Due to inappropriate security settings of the kubectl snap, kubectl cannot access the NFS mounted directory.

Revision history for this message
John Lenton (chipaca) wrote :

It's not the kubectl snap, and it's not snapcraft.
Snapd's automatic detection of NFS home only works if the NFS is mounted on /home, and mounted at boot (before snapd starts). Autofs and other schemes where homes appear automatically (e.g. ecryptfs) are not supported by snapd. Neither are homes located in places other than /home, whether they are NFS or not.

affects: snapcraft → snapd
Revision history for this message
Andy McCallum (mandoonandy) wrote :

My bug does not reference the /home directory. To be clear, my /home directory is on an EXT4 disk (not encrypted).

I am trying to run kubectl whilst the "current directory" happens to be mounted from an NFS server.

Currently kubectl cannot access any file that is stored on an NFS mounted partition.

To expand (and explain in very simple terms), my project files are stored on an NFS mounted disk. When I try to use kubectl to execute a command using those files, it fails with the reported error.

NOTE: kubectl runs without error when I change directory to the local disk and only access files that stored on the local disk.

My bug report is that "kubectl cannot access files stored on an NFS mount point".

This is a problem caused by kubectl being installed in a snap.

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

I agree that snaps accessing arbitrary locations outside of home that are NFS mounted is not supported by snapd today. This is not a design decision, just a way the linux kernel LSM stack is implemented.

Having said that, as a simple workaround you can try adding the network interface to the snap. If that doesn't work it's no longer going to be caused by the permission system. Looking at the path mentioned in the bug report (/andy/testing/end2end) it seems like a custom extension of the standard directory layout. Arbitrary directories are not supported by snapd. Only specific directories mounted via /home/* and /var/* are supported.

I'm going to mark this as incomplete to understand better which of the two sides of the problem you are facing. Please clarify.

Changed in snapd:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for snapd because there has been no activity for 60 days.]

Changed in snapd:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.