From 0a22721502b90ff69c1f2360b55662ce4774811b Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin
Date: Tue, 18 Feb 2025 13:10:21 +0300
Subject: [PATCH 1/2] implement VMG capability
Signed-off-by: Aleksandr Stefurishin
---
.../0004-volume-mount-group-experiment.patch | 54 +++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 images/csi-nfs/patches/0004-volume-mount-group-experiment.patch
diff --git a/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch b/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch
new file mode 100644
index 00000000..33c4fcf2
--- /dev/null
+++ b/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch
@@ -0,0 +1,54 @@
+diff --git a/pkg/nfs/nfs.go b/pkg/nfs/nfs.go
+index e91093d..4114aba 100644
+--- a/pkg/nfs/nfs.go
++++ b/pkg/nfs/nfs.go
+@@ -106,6 +106,7 @@ func NewDriver(options *DriverOptions) *Driver {
+ csi.NodeServiceCapability_RPC_GET_VOLUME_STATS,
+ csi.NodeServiceCapability_RPC_SINGLE_NODE_MULTI_WRITER,
+ csi.NodeServiceCapability_RPC_UNKNOWN,
++ csi.NodeServiceCapability_RPC_VOLUME_MOUNT_GROUP,
+ })
+ n.volumeLocks = NewVolumeLocks()
+
+diff --git a/pkg/nfs/nodeserver.go b/pkg/nfs/nodeserver.go
+index 76e0d67..b10d58e 100644
+--- a/pkg/nfs/nodeserver.go
++++ b/pkg/nfs/nodeserver.go
+@@ -19,6 +19,7 @@ package nfs
+ import (
+ "fmt"
+ "os"
++ "os/user"
+ "strconv"
+ "strings"
+ "time"
+@@ -141,6 +142,8 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
+ return nil, status.Error(codes.Internal, err.Error())
+ }
+
++ //
++
+ if mountPermissions > 0 {
+ if err := chmodIfPermissionMismatch(targetPath, os.FileMode(mountPermissions)); err != nil {
+ return nil, status.Error(codes.Internal, err.Error())
+@@ -148,6 +151,20 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
+ } else {
+ klog.V(2).Infof("skip chmod on targetPath(%s) since mountPermissions is set as 0", targetPath)
+ }
++
++ // TODO
++ grp, err := user.LookupGroup(volCap.GetMount().VolumeMountGroup)
++ if err != nil {
++ return nil, status.Error(codes.Internal, err.Error())
++ }
++ gid, err := strconv.Atoi(grp.Gid)
++ if err != nil {
++ return nil, status.Error(codes.Internal, err.Error())
++ }
++ if err := os.Chown(targetPath, -1, gid); err != nil {
++ return nil, status.Error(codes.Internal, err.Error())
++ }
++
+ klog.V(2).Infof("volume(%s) mount %s on %s succeeded", volumeID, source, targetPath)
+ return &csi.NodePublishVolumeResponse{}, nil
+ }
From 2b69ed4792821a42c3feac959f04b970c056623e Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin
Date: Tue, 18 Feb 2025 17:36:07 +0300
Subject: [PATCH 2/2] remove setgid
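Review bot: In patch 1/2, the block added after the chmod branch of NodePublishVolume runs on every publish and hands `VolumeMountGroup` to `user.LookupGroup`, which resolves a group name against the node plugin's own group database. An empty value (no group requested) or a numeric GID string (as far as I know, kubelet sends the pod's fsGroup as a decimal string) would therefore fail the mount with `codes.Internal`. `volCap.GetMount().VolumeMountGroup` is also a direct field read on a `GetMount()` result that may be nil, whereas the generated `GetVolumeMountGroup()` getter is nil-safe. Since the driver now advertises `RPC_VOLUME_MOUNT_GROUP`, group ownership is presumably delegated to this code, and `os.Chown` on an NFS target changes the group of the export root on the server for every client of that share (or fails under root squashing), which the bare `// TODO` should spell out. The suggested shape below skips the step when the field is empty, parses the GID directly and no longer needs the `os/user` import; NodePublishVolume itself starts outside the hunk.

```go
// … unchanged: chmodIfPermissionMismatch / skip-chmod branch …

// Apply the CO-supplied volume mount group only when one was requested.
// NOTE: on NFS this changes the group of the export root for all clients.
if mountGroup := volCap.GetMount().GetVolumeMountGroup(); mountGroup != "" {
	gid, err := strconv.Atoi(mountGroup)
	if err != nil {
		return nil, status.Errorf(codes.InvalidArgument, "invalid volume mount group %q: %v", mountGroup, err)
	}
	if err := os.Chown(targetPath, -1, gid); err != nil {
		return nil, status.Error(codes.Internal, err.Error())
	}
}

// … unchanged: success log and NodePublishVolumeResponse …
```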
Signed-off-by: Aleksandr Stefurishin --- .../patches/0004-volume-mount-group-experiment.patch | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch b/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch index 33c4fcf2..b1588875 100644 --- a/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch +++ b/images/csi-nfs/patches/0004-volume-mount-group-experiment.patch @@ -11,7 +11,7 @@ index e91093d..4114aba 100644 n.volumeLocks = NewVolumeLocks() diff --git a/pkg/nfs/nodeserver.go b/pkg/nfs/nodeserver.go -index 76e0d67..b10d58e 100644 +index 76e0d67..6135899 100644 --- a/pkg/nfs/nodeserver.go +++ b/pkg/nfs/nodeserver.go @@ -19,6 +19,7 @@ package nfs @@ -22,16 +22,17 @@ index 76e0d67..b10d58e 100644 "strconv" "strings" "time" -@@ -141,6 +142,8 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV +@@ -141,6 +142,9 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV return nil, status.Error(codes.Internal, err.Error()) } -+ // ++ // TODO ++ mountPermissions = mountPermissions &^ uint64(os.ModeSetgid) + if mountPermissions > 0 { if err := chmodIfPermissionMismatch(targetPath, os.FileMode(mountPermissions)); err != nil { return nil, status.Error(codes.Internal, err.Error()) -@@ -148,6 +151,20 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV +@@ -148,6 +152,20 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV } else { klog.V(2).Infof("skip chmod on targetPath(%s) since mountPermissions is set as 0", targetPath) }
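Review bot: In the second hunk of patch 2/2, `mountPermissions &^ uint64(os.ModeSetgid)` clears Go's `os.FileMode` flag bit, which is not the Unix setgid bit `02000`. If `mountPermissions` is the raw octal mode parsed from the volume parameters (its parsing is outside the hunk, so this is an assumption to confirm), the mask clears nothing and a value such as `2770` passes through unchanged. In that case the line would need to be `mountPermissions &^= 02000`; if the value really is a `FileMode`, the current mask is right but the following `mountPermissions > 0` test silently skips chmod when only setgid was set. Either way, replace the bare `// TODO` with a comment saying why setgid is stripped before `chmodIfPermissionMismatch`, e.g. `// strip setgid: group ownership is set via VolumeMountGroup below`.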