Closed kormide closed 6 months ago
Is there a way you could place yourself in the disk group?
I believe that's what the runAsGroup: 2000 should be doing.
I'm going to close this issue. Though it may be the case that you're still running into this issue, addressing it is outside the scope of the Buildbarn project. Getting this fixed pertains to Linux kernel security policies, Kubernetes, containerd, etc., cluster configuration/administration, not Buildbarn.
I'm using Kubernetes on GCP to deploy Buildbarn and, unlike the example deployment, I'm provisioning entire block devices for the CAS, AC, and KLMs rather than creating files on a device for the remote cache. However, I'm running into a permissions issue when running the container as a non-root user. For example, my securityContext looks like:
Kubernetes mounts the block devices with the following permissions on the device descriptors. Note that the owner is root and the group is disk (2000).
When I set runAsNonRoot to true, and runAsGroup to 2000, I get the following error when the container is deployed.
The error is triggered from here.
I'm wondering if the parameters need to be changed on that call somehow to allow for a member of the permissions group to read and write rather than just the owner. I'm not aware of a way to change the owner from root when mounting the device in k8s. I'm also relatively new to k8s, so I may be missing something.
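Added example (not part of this thread and not Buildbarn code): a small diagnostic that reports which POSIX permission class a container process falls into for a device node such as the root:disk one described in this issue, and whether that class grants read and write. The UID 1000 and the mode bits in the sample cases are constructed assumptions; the issue's own listing is not reproduced here.

```python
import os
import stat
import sys

def rw_access_class(mode, owner_uid, owner_gid, uid, gids):
    """Return (class, can_read_write) for the POSIX discretionary check.

    Only the first matching class is consulted: owner, then group, then other.
    ACLs, LSM policy and device cgroup rules are not modelled here.
    """
    if uid == 0:
        return "root", True  # assumption: CAP_DAC_OVERRIDE has not been dropped
    if uid == owner_uid:
        cls, r, w = "owner", stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in gids:
        cls, r, w = "group", stat.S_IRGRP, stat.S_IWGRP
    else:
        cls, r, w = "other", stat.S_IROTH, stat.S_IWOTH
    return cls, bool(mode & r) and bool(mode & w)

def check_device(path):
    """Evaluate the current process's credentials against a real node."""
    st = os.stat(path)
    gids = {os.getegid(), *os.getgroups()}  # primary plus supplementary groups
    cls, ok = rw_access_class(st.st_mode, st.st_uid, st.st_gid,
                              os.geteuid(), gids)
    return {"path": path, "is_block": stat.S_ISBLK(st.st_mode),
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "owner": (st.st_uid, st.st_gid), "class": cls, "read_write": ok}

# Constructed cases: (mode, owner uid, owner gid, process uid, process gids).
CONSTRUCTED_CASES = [
    (stat.S_IFBLK | 0o660, 0, 2000, 1000, {2000}),  # group has rw
    (stat.S_IFBLK | 0o600, 0, 2000, 1000, {2000}),  # owner-only node
    (stat.S_IFBLK | 0o660, 0, 2000, 1000, {1000}),  # process not in group
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:      # e.g. run inside the container
            print(check_device(p))
    else:
        for case in CONSTRUCTED_CASES:
            print(case[4], oct(stat.S_IMODE(case[0])), rw_access_class(*case))
```

Run inside the container with the device path as an argument; a result of class "group" with read_write True means the mode bits are not what blocks the open, so the cause lies in a layer this check does not model.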