Skip to content

Sidekiq UBI 8 image has wrong permissions for directory /srv/gitlab/public/uploads

Summary

The bug results in sidekiq being unable to export the vulnerability report due to file permissions. Errno::EACCES: Permission denied @ dir_s_mkdir - /srv/gitlab/public/uploads/-

Steps to reproduce

Deployed using Helm.

UBI 8 Image:

docker run -it --rm registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v15.0.1-ubi8 /bin/bash

[git@536bfe8f92e9 public]$ ls -lah
total 76K
drwxrwxr-x 1 git  root 4.0K Jun  1 12:56 -
drwxrwxr-x 1 git  root 4.0K Jun  1 13:03 .
drwxrwxr-x 1 git  root 4.0K Jun  1 13:04 ..
-rw-rw-r-- 1 git  root 3.2K Jun  1 12:56 404.html
-rw-rw-r-- 1 git  root 3.0K Jun  1 12:56 422.html
-rw-rw-r-- 1 git  root 3.0K Jun  1 12:56 500.html
-rw-rw-r-- 1 git  root 3.0K Jun  1 12:56 502.html
-rw-rw-r-- 1 git  root 3.0K Jun  1 12:56 503.html
-rw-rw-r-- 1 git  root 7.3K Jun  1 12:56 apple-touch-icon.png
drwxrwxr-x 1 git  root  20K Jun  1 12:56 assets
-rw-rw-r-- 1 git  root 2.6K Jun  1 12:56 deploy.html
-rw-rw-r-- 1 git  root 2.3K Jun  1 12:56 robots.txt
-rw-rw-r-- 1 git  root 1.5K Jun  1 12:56 slash-command-logo.png
drwx------ 2 root root 4.0K Jun  1 13:03 uploads    <-------------- Right here

Debian:

docker run -it --rm registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v15.0.1 /bin/bash

git@ac3e85e09042:/srv/gitlab/public$ ls -lah
total 76K
drwxr-xr-x  4 git git 4.0K Jun  1 12:04 -
drwxr-xr-x  1 git git 4.0K Jun  1 12:55 .
drwxr-xr-x  1 git git 4.0K Jun  1 12:55 ..
-rw-r--r--  1 git git 3.2K Jun  1 12:04 404.html
-rw-r--r--  1 git git 3.0K Jun  1 12:04 422.html
-rw-r--r--  1 git git 3.0K Jun  1 12:04 500.html
-rw-r--r--  1 git git 3.0K Jun  1 12:04 502.html
-rw-r--r--  1 git git 3.0K Jun  1 12:04 503.html
-rw-r--r--  1 git git 7.3K Jun  1 12:04 apple-touch-icon.png
drwxr-xr-x 29 git git  20K Jun  1 12:53 assets
-rw-r--r--  1 git git 2.6K Jun  1 12:04 deploy.html
-rw-r--r--  1 git git 2.3K Jun  1 12:04 robots.txt
-rw-r--r--  1 git git 1.5K Jun  1 12:04 slash-command-logo.png
drwx------  2 git git 4.0K Jun  1 12:55 uploads    <--------------- Compared to this

Example Project

What is the current bug behavior?

What is the expected correct behavior?

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

Edited by Tanner Bragg