mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-02-19 02:38:07 -05:00
481b2dc7cf
Automatic merge from submit-queue (batch tested with PRs 64013, 63896, 64139, 57527, 62102). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Setup fsGroup for local volumes correctly **What this PR does / why we need it**: This pr fixes fsGroup check in local volume in containerized kubelet. Except this, it also fixes fsGroup check when volume source is a normal directory whether kubelet is running on the host or in a container. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #61741 **Special notes for your reviewer**: Bind mounts are detected in `/proc/mounts`, but it does not contain root of mount for bind mounts. So `mount.GetMountRefsByDev()` cannot get all references if source is a normal directory. e.g. ``` # mkdir /tmp/src /mnt/dst # mount --bind /tmp/src /tmp/src # required by local-volume-provisioner, see https://github.com/kubernetes-incubator/external-storage/pull/499 # mount --bind /tmp/src /mnt/dst # grep -P 'src|dst' /proc/mounts tmpfs /tmp/src tmpfs rw,nosuid,nodev,noatime,size=4194304k 0 0 tmpfs /mnt/dst tmpfs rw,nosuid,nodev,noatime,size=4194304k 0 0 # grep -P 'src|dst' /proc/self/mountinfo 234 409 0:42 /src /tmp/src rw,nosuid,nodev,noatime shared:30 - tmpfs tmpfs rw,size=4194304k 235 24 0:42 /src /mnt/dst rw,nosuid,nodev,noatime shared:30 - tmpfs tmpfs rw,size=4194304k ``` We need to compare root of mount and device in this case. **Release note**: ```release-note NONE ``` |
||
|---|---|---|
| .. | ||
| async | ||
| bandwidth | ||
| config | ||
| configz | ||
| conntrack | ||
| dbus | ||
| ebtables | ||
| env | ||
| file | ||
| filesystem | ||
| flag | ||
| flock | ||
| goroutinemap | ||
| hash | ||
| initsystem | ||
| interrupt | ||
| io | ||
| ipconfig | ||
| ipset | ||
| iptables | ||
| ipvs | ||
| keymutex | ||
| labels | ||
| limitwriter | ||
| maps | ||
| metrics | ||
| mount | ||
| net | ||
| netsh | ||
| node | ||
| normalizer | ||
| nsenter | ||
| oom | ||
| parsers | ||
| pointer | ||
| procfs | ||
| reflector/prometheus | ||
| removeall | ||
| resizefs | ||
| resourcecontainer | ||
| rlimit | ||
| selinux | ||
| slice | ||
| strings | ||
| sysctl | ||
| system | ||
| tail | ||
| taints | ||
| template | ||
| term | ||
| threading | ||
| tolerations | ||
| version | ||
| workqueue/prometheus | ||
| BUILD | ||
| verify-util-pkg.sh | ||