Sidekiq UBI 8 image has wrong permissions for directory /srv/gitlab/public/uploads
Summary
The bug results in sidekiq being unable to export the vulnerability report due to file permissions. Errno::EACCES: Permission denied @ dir_s_mkdir - /srv/gitlab/public/uploads/-
Steps to reproduce
Deployed using Helm.
UBI 8 Image:
docker run -it --rm registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v15.0.1-ubi8 /bin/bash
[git@536bfe8f92e9 public]$ ls -lah
total 76K
drwxrwxr-x 1 git root 4.0K Jun 1 12:56 -
drwxrwxr-x 1 git root 4.0K Jun 1 13:03 .
drwxrwxr-x 1 git root 4.0K Jun 1 13:04 ..
-rw-rw-r-- 1 git root 3.2K Jun 1 12:56 404.html
-rw-rw-r-- 1 git root 3.0K Jun 1 12:56 422.html
-rw-rw-r-- 1 git root 3.0K Jun 1 12:56 500.html
-rw-rw-r-- 1 git root 3.0K Jun 1 12:56 502.html
-rw-rw-r-- 1 git root 3.0K Jun 1 12:56 503.html
-rw-rw-r-- 1 git root 7.3K Jun 1 12:56 apple-touch-icon.png
drwxrwxr-x 1 git root 20K Jun 1 12:56 assets
-rw-rw-r-- 1 git root 2.6K Jun 1 12:56 deploy.html
-rw-rw-r-- 1 git root 2.3K Jun 1 12:56 robots.txt
-rw-rw-r-- 1 git root 1.5K Jun 1 12:56 slash-command-logo.png
drwx------ 2 root root 4.0K Jun 1 13:03 uploads <-------------- Right here
Debian:
docker run -it --rm registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v15.0.1 /bin/bash
git@ac3e85e09042:/srv/gitlab/public$ ls -lah
total 76K
drwxr-xr-x 4 git git 4.0K Jun 1 12:04 -
drwxr-xr-x 1 git git 4.0K Jun 1 12:55 .
drwxr-xr-x 1 git git 4.0K Jun 1 12:55 ..
-rw-r--r-- 1 git git 3.2K Jun 1 12:04 404.html
-rw-r--r-- 1 git git 3.0K Jun 1 12:04 422.html
-rw-r--r-- 1 git git 3.0K Jun 1 12:04 500.html
-rw-r--r-- 1 git git 3.0K Jun 1 12:04 502.html
-rw-r--r-- 1 git git 3.0K Jun 1 12:04 503.html
-rw-r--r-- 1 git git 7.3K Jun 1 12:04 apple-touch-icon.png
drwxr-xr-x 29 git git 20K Jun 1 12:53 assets
-rw-r--r-- 1 git git 2.6K Jun 1 12:04 deploy.html
-rw-r--r-- 1 git git 2.3K Jun 1 12:04 robots.txt
-rw-r--r-- 1 git git 1.5K Jun 1 12:04 slash-command-logo.png
drwx------ 2 git git 4.0K Jun 1 12:55 uploads <--------------- Compared to this
Example Project
What is the current bug behavior?
What is the expected correct behavior?
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible fixes
Edited by Tanner Bragg