Fix extra driver permissions with jailer #393

@jwilder jwilder commented Mar 6, 2022

When using the jailer config with a different uid/gid and
more than one attached volume, the additional volumes are still
owned by root causing a permission error when the VM starts.

This chowns the extra volume files to the jailer config uid/gid.

Sample logs:

time="2022-03-05T18:36:48-07:00" level=info msg="Attaching drive rootfs.ext4, slot 1, root true."
time="2022-03-05T18:36:48-07:00" level=info msg="Attached drive rootfs.ext4: [PUT /drives/{drive_id}][204] putGuestDriveByIdNoContent "
time="2022-03-05T18:36:48-07:00" level=info msg="Attaching drive overlay.ext4, slot 2, root false."
2022-03-06T01:36:48.117232076 [9285e3caaef3:fc_api:ERROR:src/api_server/src/parsed_request.rs:174] Received Error. Status code: 400 Bad Request. Message: Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: "Permission denied" })
time="2022-03-05T18:36:48-07:00" level=error msg="Attach drive failed: overlay.ext4: [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: \"Permission denied\" })}"
time="2022-03-05T18:36:48-07:00" level=error msg="While attaching drive overlay.ext4, got error [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: \"Permission denied\" })}"
time="2022-03-05T18:36:48-07:00" level=warning msg="Failed handler \"fcinit.AttachDrives\": [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: \"Permission denied\" })}"
start machine: [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: "Permission denied" })}

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jwilder jwilder requested a review from a team as a code owner March 6, 2022 01:45

@austinvazquez (Contributor)

@jwilder, lgtm. For the buildkite failure, just need a dco in your commit message.

@jeffwidman

nudge @jwilder
