Skip to content

THREESCALE-7942: Apicast logs shows permission denied in a tmp file #1394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

THREESCALE-7942: Apicast logs shows permission denied in a tmp file #1394

wants to merge 1 commit into from

Conversation

ernaniaz
Copy link
Contributor

@ernaniaz ernaniaz commented Mar 7, 2023

This commit removes the warning message at the start of APIcast POD
like this one:
env: '/tmp/FXal6CekIq': Permission denied

The message occur at the start of OpenResty script, that check their own
script, but there's no execution permission to do that, showing this
warning message.

To not change the behavior of the script, this patch just added a
"2>/dev/null" at the end of the command, so, if it works, will not
change what's expected.

If changed the file mode to 0755, another error will be shown. This
indicates that this command was coded for a specific function not used
here.

This commit fix the Jira issue THREESCALE-7942.

https://issues.redhat.com/browse/THREESCALE-7942

@ernaniaz
THREESCALE-7942: Apicast logs shows permission denied in a tmp file
00f9831 
 This commit removes the warning message at the start of APIcast POD
 like this one:
 env: '/tmp/FXal6CekIq': Permission denied

 The message occur at the start of OpenResty script, that check their own
 script, but there's no execution permission to do that, showing this
 warning message.

 To not change the behavior of the script, this patch just added a
 "2>/dev/null" at the end of the command, so, if it works, will not
 change what's expected.

 If changed the file mode to 0755, another error will be shown. This
 indicates that this command was coded for a specific function not used
 here.

 This commit fix the Jira issue THREESCALE-7942.

 https://issues.redhat.com/browse/THREESCALE-7942
@ernaniaz ernaniaz requested a review from a team as a code owner March 7, 2023 20:17
kevprice83
kevprice83 requested changes Mar 8, 2023
View reviewed changes
Copy link
Member

@kevprice83 kevprice83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like we are just hiding the problem by not printing it to the error log stream. If in a subsequent release this does actually cause a problem then it will be even harder to debug.

I would suggest that we look at the Dockerfile or s2i which builds the image. Is this reproducible on an upstream image in quay.io? If yes then maybe the upstream and downstream images are built the same way and we can address this directly in the upstream.

If this issue is only reproducible in the downstream then we might need help accessing that environment to modify the artifacts where the local user permissions are set when building the container image.

Possibly diong something like:

chown -R 1001:0 /tmp

Will be enough.

@ernaniaz
Copy link
Contributor Author

ernaniaz commented Mar 8, 2023

Doing a chown -R 1001:0 /tmp will not fix. Please refer to my comment in the Jira Issue. The error happen because it's not an executable (+x) file, and not because of ownership or directory permission. If you fix the permission of the file, which is 600 by default to 700, it will throw a longer error, and will not return anything useful to the code. This is clearly a code that it's not used in the APIcast POD initialization. We could remove this code, but I suggested to suppress the error message in case some day it became useful.

@eguzki
Copy link
Member

eguzki commented Mar 9, 2023

I agree with Kevin. stderr should not be shadowed.

s2i is gone, so we would need to fix the docker file (or whatever is being built from the docker build process). It is also happening in upstream, so I suggest we first fix it in upstream and then port the fix to downstream.

I can help with that

@eguzki
Copy link
Member

eguzki commented Mar 22, 2023

@ernaniaz I am trying to address this issue in #1398

I would appreciate your feedback

@eguzki
Copy link
Member

eguzki commented Mar 27, 2023

closing as this issue was covered in #1398

@eguzki eguzki closed this Mar 27, 2023
@eguzki eguzki deleted the THREESCALE-7942 branch March 30, 2023 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevprice83 kevprice83 kevprice83 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ernaniaz @eguzki @kevprice83