7168bbe548
- Run helper pod as qemu user 0009-tests-Run-helper-pod-as-qemu-107-user.patch - SCSI reservation: fix leftover mount and resource permissions 0010-Fix-PR-leftover-mount-and-perms.patch OBS-URL: https://build.opensuse.org/request/show/1102849 OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=128
41 lines
1.4 KiB
Diff
41 lines
1.4 KiB
Diff
From 1cfcbff44f6310628769445fad570a8ccd18fe22 Mon Sep 17 00:00:00 2001
|
|
From: Vasiliy Ulyanov <vulyanov@suse.de>
|
|
Date: Thu, 3 Aug 2023 13:43:51 +0200
|
|
Subject: [PATCH] tests: Run helper pod as qemu (107) user
|
|
|
|
The helper pod needs permissions to access the PVC data. In most cases,
|
|
it is owned by the qemu (107) user.
|
|
|
|
Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
|
|
---
|
|
tests/libstorage/pvc.go | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/tests/libstorage/pvc.go b/tests/libstorage/pvc.go
|
|
index f2dbdf8d3..b9157eac1 100644
|
|
--- a/tests/libstorage/pvc.go
|
|
+++ b/tests/libstorage/pvc.go
|
|
@@ -52,7 +52,7 @@ const (
|
|
|
|
func RenderPodWithPVC(name string, cmd []string, args []string, pvc *k8sv1.PersistentVolumeClaim) *k8sv1.Pod {
|
|
volumeName := "disk0"
|
|
- nonRootUser := int64(1042)
|
|
+ nonRootUser := int64(107)
|
|
|
|
// Change to 'pod := RenderPod(name, cmd, args)' once we have a libpod package
|
|
pod := &k8sv1.Pod{
|
|
@@ -102,6 +102,10 @@ func RenderPodWithPVC(name string, cmd []string, args []string, pvc *k8sv1.Persi
|
|
if volumeMode != nil && *volumeMode == k8sv1.PersistentVolumeBlock {
|
|
pod.Spec.Containers[0].VolumeDevices = addVolumeDevices(volumeName)
|
|
} else {
|
|
+ if pod.Spec.SecurityContext == nil {
|
|
+ pod.Spec.SecurityContext = &k8sv1.PodSecurityContext{}
|
|
+ }
|
|
+ pod.Spec.SecurityContext.FSGroup = &nonRootUser
|
|
pod.Spec.Containers[0].VolumeMounts = addVolumeMounts(volumeName)
|
|
}
|
|
|
|
--
|
|
2.41.0
|
|
|