From 7117c93772fdf9084a606e6b9263bbe0be053dbf Mon Sep 17 00:00:00 2001
From: Chinasubbareddy Mallavarapu
Date: Wed, 4 Aug 2021 18:34:33 +0000
Subject: [PATCH] [ceph-osd] Change var crash mount propagation to HostToContainer
- As it will be a security violation to mount anything under /var partition to pods , changing the mount propagation to HostToContainer
Change-Id: If7a27304507a9d1bcb9efcef4fc1146f77080a4f
---
 ceph-osd/Chart.yaml | 2 +-
 ceph-osd/templates/daemonset-osd.yaml | 3 +++
 releasenotes/notes/ceph-osd.yaml | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ceph-osd/Chart.yaml b/ceph-osd/Chart.yaml
index 51bdb0e3e..f00154d68 100644
--- a/ceph-osd/Chart.yaml
+++ b/ceph-osd/Chart.yaml
@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph OSD
 name: ceph-osd
-version: 0.1.27
+version: 0.1.28
 home: https://github.com/ceph/ceph
 ...
diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml
index d188d769a..7a349be6e 100644
--- a/ceph-osd/templates/daemonset-osd.yaml
+++ b/ceph-osd/templates/daemonset-osd.yaml
@@ -138,6 +138,7 @@ spec:
 readOnly: false
 - name: pod-var-crash
 mountPath: /var/crash
+ mountPropagation: HostToContainer
 readOnly: false
 - name: ceph-log-ownership
 {{ tuple $envAll "ceph_osd" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -283,6 +284,7 @@ spec:
 readOnly: false
 - name: pod-var-crash
 mountPath: /var/crash
+ mountPropagation: HostToContainer
 readOnly: false
 containers:
 - name: log-runner
@@ -449,6 +451,7 @@ spec:
 readOnly: false
 - name: pod-var-crash
 mountPath: /var/crash
+ mountPropagation: HostToContainer
 readOnly: false
 volumes:
 - name: pod-tmp
diff --git a/releasenotes/notes/ceph-osd.yaml b/releasenotes/notes/ceph-osd.yaml
index cdda2c0d8..73c52843e 100644
--- a/releasenotes/notes/ceph-osd.yaml
+++ b/releasenotes/notes/ceph-osd.yaml
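Review bot: The added `mountPropagation: HostToContainer` on the three `pod-var-crash` mounts in daemonset-osd.yaml (hunks at new lines 138, 284 and 451) does not narrow what the pod can do to the host path: each mount keeps `readOnly: false`, and since the Kubernetes default for an unset field is `None`, the new value only makes mounts created on the host under `/var/crash` visible inside the container as well. The commit message frames this as addressing a security violation, which the visible lines do not support. If the real intent is to pick up a `/var` filesystem that the host mounts after the pod starts, record that above each mount, for example `# HostToContainer: receive host mounts made under /var/crash after pod start; container write access to the path is unchanged`. The `pod-var-crash` volume definition and the containers' securityContext lie outside these hunks, so whether this is a hostPath and which user can write to it should be confirmed there.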
@@ -28,4 +28,5 @@ ceph-osd:
 - 0.1.25 Export crash dumps when Ceph daemons crash
 - 0.1.26 Mount /var/crash inside ceph-osd pods
 - 0.1.27 Limit Ceph OSD Container Security Contexts
+ - 0.1.28 Change var crash mount propagation to HostToContainer
 ...