Re: ceph drops privilege before creating /var/run/ceph

Hi,

I added some debugging logs and built the ceph image. The log clearly shows
that the container is started as the root user and drops privilege (i.e.,
becomes the `ceph` user). It then tries to create the run directory (i.e.,
/var/run/ceph), which leads to the permission issue. Does anyone know why
we want to drop privilege before creating the run directory?

Thanks,
Zhongzhou Cai


On Wed, Aug 10, 2022 at 1:41 AM Zhongzhou Cai <zhongzhoucai@xxxxxxxxxx>
wrote:

> Hi Marc,
>
> I put the bare minimum security context, so I think the container is
> running as root by default, but in the ceph code it drops privilege and
> sets the user to `ceph`.
>
> Thanks,
> Zhongzhou Cai
>
>
> On Wed, Aug 10, 2022 at 12:31 AM Marc <Marc@xxxxxxxxxxxxxxxxx> wrote:
>
>>
>> >
>> > I've built a ceph container image based on ubuntu and used rook to
>> > install ceph in my GKE cluster, but I found in the ceph-mon log that
>> > the run-dir is not created:
>> > warning: unable to create /var/run/ceph: (13) Permission denied
>> > debug 2022-08-05T00:38:06.472+0000 7f0960c2c540 -1 asok(0x56213ef7e000) AdminSocketConfigObs::init: failed: AdminSocket::bind_and_listen: failed to bind the UNIX domain socket to '/var/run/ceph/ceph-mon.a.asok': (2) No such file or directory
>> >
>> > I looked into the ceph/ceph source code. It turns out that we drop
>> > privilege before we create /var/run/ceph, which might explain why the
>> > run-dir creation failed.
>>
>> Drop privilege? I assumed this container is just running as a regular
>> user. Is this not the case?
>>
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
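
The ordering issue discussed in this thread, as an added example that is not part of the original messages and not Ceph's own code: a C program that creates the run directory and hands it to the service account while still privileged, and only then drops privilege. The `ceph` account and `/var/run/ceph` path come from the thread; the function names `prepare_run_dir` and `drop_privileges` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Step 1, still privileged: create the run dir and give it to the service
 * account. O_NOFOLLOW|O_DIRECTORY refuses a symlink or file at the path. */
int prepare_run_dir(const char *path, uid_t uid, gid_t gid)
{
    if (mkdir(path, 0770) != 0 && errno != EEXIST)
        return -errno;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    int rc = (fchown(fd, uid, gid) != 0 || fchmod(fd, 0770) != 0) ? -errno : 0;
    close(fd);
    return rc;
}

/* Step 2: drop to the service account; groups first, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -errno;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -errno;
    if (uid != 0 && setuid(0) == 0)   /* the drop must not be reversible */
        return -EPERM;
    return 0;
}

int main(void)
{
    struct passwd *pw = getpwnam("ceph");   /* account name from the thread */
    if (!pw)
        return EXIT_FAILURE;
    int rc = prepare_run_dir("/var/run/ceph", pw->pw_uid, pw->pw_gid);
    if (rc == 0)
        rc = drop_privileges(pw->pw_uid, pw->pw_gid);
    if (rc != 0)
        fprintf(stderr, "startup failed: %s\n", strerror(-rc));
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Calling the two steps in the opposite order reproduces the `(13) Permission denied` from the quoted log whenever the parent directory is writable only by root.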