Hi,

I added some debugging logs and built the ceph image. The log clearly tells that the container is started as root user and drops privilege (i.e., becomes `ceph` user). It then tries to create the run directory (i.e., /var/run/ceph), which leads to the permission issue. Does anyone know why we want to drop privilege before creating the run directory?

Thanks,
Zhongzhou Cai

On Wed, Aug 10, 2022 at 1:41 AM Zhongzhou Cai <zhongzhoucai@xxxxxxxxxx> wrote:

> Hi Marc,
>
> I put the bare minimal security context, so I think the container is
> running as root by default, but in the ceph code it drops privilege and
> sets the user `ceph`.
>
> Thanks,
> Zhongzhou Cai
>
>
> On Wed, Aug 10, 2022 at 12:31 AM Marc <Marc@xxxxxxxxxxxxxxxxx> wrote:
>
>> >
>> > I've built a ceph container image based on ubuntu and used rook to
>> > install ceph in my GKE cluster, but I found in the ceph-mon log that
>> > the run-dir is not created:
>> > warning: unable to create /var/run/ceph: (13) Permission denied
>> > debug 2022-08-05T00:38:06.472+0000 7f0960c2c540 -1 asok(0x56213ef7e000) AdminSocketConfigObs::init: failed: AdminSocket::bind_and_listen: failed to bind the UNIX domain socket to '/var/run/ceph/ceph-mon.a.asok': (2) No such file or directory
>> >
>> > I looked into the ceph/ceph source code. It turns out that we drop
>> > privilege before we create /var/run/ceph, which might explain why the
>> > run-dir creation failed.
>>
>> Drop privilege? I assumed this container is just running as a regular
>> user. Is this not the case?
>>
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
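Added example (not part of the thread and not Ceph's code): a diagnostic to run inside the image that reports whether a given uid could create the admin socket path from the log, judged by classic mode bits only. It shows why the same mkdir can succeed as root and return (13) Permission denied after the switch to `ceph`. `CEPH_UID`/`CEPH_GID` are constructed placeholders, and ACLs, capabilities and read-only mounts are not modelled.

```python
import os

# Constructed placeholder ids (assumption): use the image's real `ceph` uid/gid.
CEPH_UID, CEPH_GID = 10001, 10001


def _bits(st, uid, gids):
    """Return the rwx triplet of the mode that applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_create(path, uid, gids):
    """Could uid/gids create `path` (and any missing parents)?

    Judged by classic mode bits only. Returns (ok, reason).
    """
    if uid == 0:
        return True, "uid 0: mode bits are not enforced"
    base = os.path.dirname(os.path.abspath(path))
    while not os.path.isdir(base):      # deepest directory that already exists
        base = os.path.dirname(base)
    # Search (x) permission is needed on every directory from / down to base.
    chain, cur = [base], base
    while os.path.dirname(cur) != cur:
        cur = os.path.dirname(cur)
        chain.append(cur)
    for d in reversed(chain):
        if not _bits(os.stat(d), uid, gids) & 1:
            return False, f"no search permission on {d}"
    # Creating an entry needs write (w) permission on the directory holding it.
    if not _bits(os.stat(base), uid, gids) & 2:
        return False, f"no write permission on {base}"
    return True, f"writable directory {base}"


if __name__ == "__main__":
    # Compare the identity the container starts as with the one it drops to.
    for who, uid, gid in (("root", 0, 0), ("ceph", CEPH_UID, CEPH_GID)):
        print(who, can_create("/var/run/ceph/ceph-mon.a.asok", uid, {gid}))
```

If the `ceph` line reports a missing write permission, the run directory has to exist and be owned by that uid before the process drops privilege, for example by creating it in the image or mounting a volume with matching ownership.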