infrastructure/k8s-csi-s3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity

Drop geesefs root privileges

Browse source
This commit is contained in:
Vitaliy Filippov 2023-03-04 13:03:58 +03:00
parent bfba08742c
commit 2ad5d21714
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/mounter/geesefs.go
View file

@ -93,6 +93,11 @@ func (geesefs *geesefsMounter) Mount(source, target, volumeID string) error {
if geesefs.region != "" { if geesefs.region != "" {
args = append(args, "--region", geesefs.region) args = append(args, "--region", geesefs.region)
} }
args = append(
args,
"--setuid", "65534", // nobody. drop root privileges
"--setgid", "65534", // nogroup
)
useSystemd := true useSystemd := true
for i := 0; i < len(geesefs.meta.MountOptions); i++ { for i := 0; i < len(geesefs.meta.MountOptions); i++ {
if geesefs.meta.MountOptions[i] == "--no-systemd" { if geesefs.meta.MountOptions[i] == "--no-systemd" {