From df5313af0a7d51ef8c1ed08b3b2fb01a30b67f47 Mon Sep 17 00:00:00 2001
From: Balazs Szekeres <balazs.szekeres@nokia.com>
Date: Wed, 4 Sep 2019 20:54:58 +0200
Subject: [PATCH] Rsync capability issue

Rsync when not run as root user, it needs group id and user id setter capability.
  cap_setgid
  cap_setuid

Change-Id: I396e0f4868492f8bb55f77229658e4dc6e05fcdc
Signed-off-by: Balazs Szekeres <balazs.szekeres@nokia.com>
---
 SPECS/swift.spec                                      | 2 +-
 ansible/roles/swift/templates/main/swift_main.yml     | 2 +-
 ansible/roles/swift/templates/update/swift_update.yml | 2 +-
 docker-build/swift/Dockerfile                         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/SPECS/swift.spec b/SPECS/swift.spec
index fd35728..c26c8f4 100644
--- a/SPECS/swift.spec
+++ b/SPECS/swift.spec
@@ -15,7 +15,7 @@
 %define COMPONENT swift
 %define RPM_NAME caas-%{COMPONENT}
 %define RPM_MAJOR_VERSION 2.22.0
-%define RPM_MINOR_VERSION 0
+%define RPM_MINOR_VERSION 1
 %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
 Name:           %{RPM_NAME}
 Version:        %{RPM_MAJOR_VERSION}
diff --git a/ansible/roles/swift/templates/main/swift_main.yml b/ansible/roles/swift/templates/main/swift_main.yml
index 7953160..a5560f4 100644
--- a/ansible/roles/swift/templates/main/swift_main.yml
+++ b/ansible/roles/swift/templates/main/swift_main.yml
@@ -40,7 +40,7 @@ spec:
           image: {{ container_image_names | select('search', '/swift') | list | last }}
           securityContext:
             capabilities:
-              add: ["NET_BIND_SERVICE"]
+              add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
           args:
             - BACKEND
           resources:
diff --git a/ansible/roles/swift/templates/update/swift_update.yml b/ansible/roles/swift/templates/update/swift_update.yml
index cffc531..a98a5b9 100644
--- a/ansible/roles/swift/templates/update/swift_update.yml
+++ b/ansible/roles/swift/templates/update/swift_update.yml
@@ -40,7 +40,7 @@ spec:
           image: {{ container_image_names | select('search', '/swift') | list | last }}
           securityContext:
             capabilities:
-              add: ["NET_BIND_SERVICE"]
+              add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
           args:
             - BACKEND
           resources:
diff --git a/docker-build/swift/Dockerfile b/docker-build/swift/Dockerfile
index 4233618..2ff94a9 100644
--- a/docker-build/swift/Dockerfile
+++ b/docker-build/swift/Dockerfile
@@ -156,6 +156,6 @@ python-lxml python-chardet python-requests \
 &&  yum clean all \
 &&  rm -rf /etc/yum.repos.d/luxembourg.repo \
 &&  rm -rf ${GOPATH} \
-&&  setcap 'cap_net_bind_service=+ep' /usr/bin/rsync
+&&  setcap 'cap_setgid,cap_setuid,cap_net_bind_service=+ep' /usr/bin/rsync
 
 ENTRYPOINT ["/usr/bin/mainstart.sh"]
-- 
2.16.6