kubevirt/0009-tests-Run-helper-pod-as-qemu-107-user.patch

From 1cfcbff44f6310628769445fad570a8ccd18fe22 Mon Sep 17 00:00:00 2001
From: Vasiliy Ulyanov <vulyanov@suse.de>
Date: Thu, 3 Aug 2023 13:43:51 +0200
Subject: [PATCH] tests: Run helper pod as qemu (107) user

The helper pod needs permissions to access the PVC data. In most cases,
it is owned by the qemu (107) user.

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
---
 tests/libstorage/pvc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/libstorage/pvc.go b/tests/libstorage/pvc.go
index f2dbdf8d3..b9157eac1 100644
--- a/tests/libstorage/pvc.go
+++ b/tests/libstorage/pvc.go
@@ -52,7 +52,7 @@ const (
 
 func RenderPodWithPVC(name string, cmd []string, args []string, pvc *k8sv1.PersistentVolumeClaim) *k8sv1.Pod {
 	volumeName := "disk0"
-	nonRootUser := int64(1042)
+	nonRootUser := int64(107)
 
 	// Change to 'pod := RenderPod(name, cmd, args)' once we have a libpod package
 	pod := &k8sv1.Pod{
@@ -102,6 +102,10 @@ func RenderPodWithPVC(name string, cmd []string, args []string, pvc *k8sv1.Persi
 	if volumeMode != nil && *volumeMode == k8sv1.PersistentVolumeBlock {
 		pod.Spec.Containers[0].VolumeDevices = addVolumeDevices(volumeName)
 	} else {
+		if pod.Spec.SecurityContext == nil {
+			pod.Spec.SecurityContext = &k8sv1.PodSecurityContext{}
+		}
+		pod.Spec.SecurityContext.FSGroup = &nonRootUser
 		pod.Spec.Containers[0].VolumeMounts = addVolumeMounts(volumeName)
 	}
 
-- 
2.41.0
Accepting request 1102849 from home:vulyanov:branches:Virtualization - Run helper pod as qemu user 0009-tests-Run-helper-pod-as-qemu-107-user.patch - SCSI reservation: fix leftover mount and resource permissions 0010-Fix-PR-leftover-mount-and-perms.patch OBS-URL: https://build.opensuse.org/request/show/1102849 OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=128 2023-08-08 09:32:55 +00:00			`From 1cfcbff44f6310628769445fad570a8ccd18fe22 Mon Sep 17 00:00:00 2001`
			`From: Vasiliy Ulyanov <vulyanov@suse.de>`
			`Date: Thu, 3 Aug 2023 13:43:51 +0200`
			`Subject: [PATCH] tests: Run helper pod as qemu (107) user`

			`The helper pod needs permissions to access the PVC data. In most cases,`
			`it is owned by the qemu (107) user.`

			`Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>`
			`---`
			`tests/libstorage/pvc.go \| 6 +++++-`
			`1 file changed, 5 insertions(+), 1 deletion(-)`

			`diff --git a/tests/libstorage/pvc.go b/tests/libstorage/pvc.go`
			`index f2dbdf8d3..b9157eac1 100644`
			`--- a/tests/libstorage/pvc.go`
			`+++ b/tests/libstorage/pvc.go`
			`@@ -52,7 +52,7 @@ const (`

			`func RenderPodWithPVC(name string, cmd []string, args []string, pvc k8sv1.PersistentVolumeClaim) k8sv1.Pod {`
			`volumeName := "disk0"`
			`- nonRootUser := int64(1042)`
			`+ nonRootUser := int64(107)`

			`// Change to 'pod := RenderPod(name, cmd, args)' once we have a libpod package`
			`pod := &k8sv1.Pod{`
			`@@ -102,6 +102,10 @@ func RenderPodWithPVC(name string, cmd []string, args []string, pvc *k8sv1.Persi`
			`if volumeMode != nil && *volumeMode == k8sv1.PersistentVolumeBlock {`
			`pod.Spec.Containers[0].VolumeDevices = addVolumeDevices(volumeName)`
			`} else {`
			`+ if pod.Spec.SecurityContext == nil {`
			`+ pod.Spec.SecurityContext = &k8sv1.PodSecurityContext{}`
			`+ }`
			`+ pod.Spec.SecurityContext.FSGroup = &nonRootUser`
			`pod.Spec.Containers[0].VolumeMounts = addVolumeMounts(volumeName)`
			`}`

			`--`
			`2.41.0`