From: Sage Weil
Date: Mon, 3 Feb 2020 22:49:20 +0000 (-0600)
Subject: cephadm: add group 'disk' to privileged container
X-Git-Tag: v15.1.1~561^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F32995%2Fhead;p=ceph.git
cephadm: add group 'disk' to privileged container
This lets the osd read block devs that are group rw disk even after they drop root privs.
Signed-off-by: Sage Weil
---
diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index 0678c7edde19..9768edeaa30b 100755
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -1500,7 +1500,9 @@ class CephContainer:
 priv = [] # type: List[str]
 if self.privileged:
- priv = ['--privileged']
+ priv = ['--privileged',
+ # let OSD etc read block devs that haven't been chowned
+ '--group-add=disk']
 vols = sum(
 [['-v', '%s:%s' % (host_dir, container_dir)]
 for host_dir, container_dir in self.volume_mounts.items()], [])
@@ -1525,7 +1527,9 @@ class CephContainer:
 # type: (List[str]) -> List[str]
 priv = [] # type: List[str]
 if self.privileged:
- priv = ['--privileged']
+ priv = ['--privileged',
+ # let OSD etc read block devs that haven't been chowned
+ '--group-add=disk']
 vols = [] # type: List[str]
 vols = sum(
 [['-v', '%s:%s' % (host_dir, container_dir)]
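Review bot: `'--group-add=disk'` in the new `priv` list passes a group name, which the container runtime resolves, as far as I know, against the image's group database rather than the host's. If so, the grant only works as intended when the image's `disk` GID equals the GID that owns the host block devices. The flag is also attached to every container with `self.privileged` set, not only OSDs, so any such daemon keeps group read/write on host block devices after dropping root. The inline comment should record both, e.g. `# 'disk' is resolved inside the image, so its GID must match the host's disk group; applies to every privileged daemon, not just OSDs`. The same lines are added in the second hunk (new line 1527 onward) and the point applies there too; both enclosing methods start and end outside the hunks.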