local-storage: Fix permission

/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777

Fixes k3s-io#2348

Signed-off-by: Boleyn Su <[email protected]>

manifests/local-storage.yaml

@@ -129,7 +129,7 @@ data:
         esac
     done
     mkdir -m 0777 -p ${absolutePath}
-    chmod 701 ${absolutePath}/..
+    chmod 700 ${absolutePath}/..
   teardown: |-
     #!/bin/sh
     while getopts "m:s:p:" opt

tests/integration/localstorage/localstorage_int_test.go

@@ -62,7 +62,7 @@ var _ = Describe("local storage", func() {
 			var k3sStorage = "/var/lib/rancher/k3s/storage"
 			fileStat, err := os.Stat(k3sStorage)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(fmt.Sprintf("%04o", fileStat.Mode().Perm())).To(Equal("0701"))
+			Expect(fmt.Sprintf("%04o", fileStat.Mode().Perm())).To(Equal("0700"))
 
 			pvResult, err := testutil.K3sCmd("kubectl get --namespace=default pv")
 			Expect(err).ToNot(HaveOccurred())
@@ -72,6 +72,10 @@ var _ = Describe("local storage", func() {
 			fileStat, err = os.Stat(k3sStorage + "/" + volumeName)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(fmt.Sprintf("%04o", fileStat.Mode().Perm())).To(Equal("0777"))
+
+			touchResult, err := testutil.K3sCmd("kubectl --namespace=default exec -it volume-test -- touch /data/file")
+			Expect(err).ToNot(HaveOccurred())
+			Expect(touchResult).To(Equal(""))
 		})
 		It("deletes properly", func() {
 			Expect(testutil.K3sCmd("kubectl delete --namespace=default --force pod volume-test")).

tests/integration/localstorage/testdata/localstorage_pod.yaml

@@ -6,13 +6,17 @@ metadata:
 spec:
   containers:
   - name: volume-test
-    image: nginx:stable-alpine
+    image: busybox:stable
     imagePullPolicy: IfNotPresent
+    commands:
+    - sleep
+    - infinity
     volumeMounts:
     - name: volv
       mountPath: /data
-    ports:
-    - containerPort: 80
+    securityContext:
+      runAsUser: 1000
+      runAsGroup: 1000
   volumes:
   - name: volv
     persistentVolumeClaim: