From cb096174377165b08f9b0268f74afedddb690e91 Mon Sep 17 00:00:00 2001
From: Humble Chirammal
Date: Tue, 8 Feb 2022 09:36:24 +0530
Subject: [PATCH] cephfs: dont set explicit permissions on the volume
At present we are node staging with worldwide permissions which is not correct. We should allow the CO to take care of it and make the decision. This commit also remove `fuseMountOptions` and `KernelMountOptions` as they are no longer needed
Signed-off-by: Humble Chirammal
(cherry picked from commit 8f6a7da538f6c2b3a2d23fb7cf4ce13a5b450134)
---
 internal/cephfs/nodeserver.go | 28 ----------------------------
 1 file changed, 28 deletions(-)
diff --git a/internal/cephfs/nodeserver.go b/internal/cephfs/nodeserver.go
index 8b7c55476..9c2bc145a 100644
--- a/internal/cephfs/nodeserver.go
+++ b/internal/cephfs/nodeserver.go
@@ -164,8 +164,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
 log.DebugLog(ctx, "cephfs: mounting volume %s with %s", volID, m.Name())
 readOnly := "ro"
- fuseMountOptions := strings.Split(volOptions.FuseMountOptions, ",")
- kernelMountOptions := strings.Split(volOptions.KernelMountOptions, ",")
 if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY ||
 req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY {
@@ -173,12 +171,10 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
 case *mounter.FuseMounter:
 if !csicommon.MountOptionContains(strings.Split(volOptions.FuseMountOptions, ","), readOnly) {
 volOptions.FuseMountOptions = util.MountOptionsAdd(volOptions.FuseMountOptions, readOnly)
- fuseMountOptions = append(fuseMountOptions, readOnly)
 }
 case *mounter.KernelMounter:
 if !csicommon.MountOptionContains(strings.Split(volOptions.KernelMountOptions, ","), readOnly) {
 volOptions.KernelMountOptions = util.MountOptionsAdd(volOptions.KernelMountOptions, readOnly)
- kernelMountOptions = append(kernelMountOptions, readOnly)
 }
 }
 }
@@ -191,30 +187,6 @@ func (*NodeServer) mount(ctx context.Context, volOptions *core.VolumeOptions, re
 return status.Error(codes.Internal, err.Error())
 }
- if !csicommon.MountOptionContains(kernelMountOptions, readOnly) &&
- !csicommon.MountOptionContains(fuseMountOptions, readOnly) {
- // #nosec - allow anyone to write inside the stagingtarget path
- err = os.Chmod(stagingTargetPath, 0o777)
- if err != nil {
- log.ErrorLog(
- ctx,
- "failed to change stagingtarget path %s permission for volume %s: %v",
- stagingTargetPath,
- volID,
- err)
- uErr := mounter.UnmountVolume(ctx, stagingTargetPath)
- if uErr != nil {
- log.ErrorLog(
- ctx,
- "failed to umount stagingtarget path %s for volume %s: %v",
- stagingTargetPath,
- volID,
- uErr)
- }
-
- return status.Error(codes.Internal, err.Error())
- }
- }
 return nil
 }