Re: ceph drops privilege before creating /var/run/ceph


 



Hi Marc,

I put the bare minimal security context, so I think the container is
running as root by default, but in the ceph code it drops privilege and
sets the user `ceph`.

Thanks,
Zhongzhou Cai


On Wed, Aug 10, 2022 at 12:31 AM Marc <Marc@xxxxxxxxxxxxxxxxx> wrote:

>
> >
> > I've built a ceph container image based on ubuntu and used rook to
> > install ceph in my GKE cluster, but I found in the ceph-mon log that
> > the run-dir is not created:
> > warning: unable to create /var/run/ceph: (13) Permission denied
> > debug 2022-08-05T00:38:06.472+0000 7f0960c2c540 -1 asok(0x56213ef7e000) AdminSocketConfigObs::init: failed: AdminSocket::bind_and_listen: failed to bind the UNIX domain socket to '/var/run/ceph/ceph-mon.a.asok': (2) No such file or directory
> >
> > I looked into the ceph/ceph source code. It turns out that we drop
> > privilege before we create /var/run/ceph, which might explain why the
> > run-dir creation failed.
>
> Drop privilege? I assumed this container is just running as a regular
> user. Is this not the case?
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx


