Open
Description
Hello, and thanks for the free driver. I think I have found a bug in the "readOnly" setting.
What happened: I made a read-only PV and a read-only PVC, and yet a container using the PVC was able to write to the file system.
What you expected to happen: I expect that making a read-only PVC would prevent writing to the file system.
How to reproduce it:
pv-test.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-test
spec:
  accessModes:
    - ReadOnlyMany
  capacity:
    storage: 10Gi
  csi:
    driver: smb.csi.k8s.io
    readOnly: true # Set to read-only at CSI level
    nodeStageSecretRef:
      name: airflow-smb-lhdata-credentials
      namespace: dev-jeepatel-airflow
    volumeAttributes:
      source: //BEDSTRNTAPIMG02.corp.logixhealth.local/lhdata/Integrator_Data
    volumeHandle: pv-test
  mountOptions:
    - dir_mode=0555 # Read-only directory permissions
    - file_mode=0444 # Read-only file permissions
    - vers=3.0
    - domain=CORP
    - ro # Read-only mount option
  persistentVolumeReclaimPolicy: Retain
  storageClassName: pv-test

pvc-test.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-test
  namespace: dev-jeepatel-airflow
spec:
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: 10Gi
  volumeName: pv-test
  storageClassName: pv-test

pod-test.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-test
  namespace: dev-jeepatel-airflow
spec:
  restartPolicy: Never
  containers:
    - name: pod-test
      image: ubuntu:22.04
      command: ["/bin/sleep"]
      args: ["infinity"]
      volumeMounts:
        - name: pod-test-volume
          mountPath: /mnt/pvc-test
  volumes:
    - name: pod-test-volume
      persistentVolumeClaim:
        claimName: pvc-test

When we exec into the Ubuntu container, we are successfully able to write to the mount, which means that the CSI driver is bugged - the read-only setting does nothing.
lhadmin@bedpk8s001:~/jeenil$ kd pod-test.yaml
pod "pod-test" deleted from dev-jeepatel-airflow namespace
lhadmin@bedpk8s001:~/jeenil$ ka pod-test.yaml
pod/pod-test created
lhadmin@bedpk8s001:~/jeenil$ k exec -it pod-test -n dev-jeepatel-airflow -- bash
root@pod-test:/# cd /mnt
root@pod-test:/mnt# ll
total 8
drwxr-xr-x 1 root root 4096 Oct 22 19:24 ./
drwxr-xr-x 1 root root 4096 Oct 22 19:24 ../
dr-xr-xr-x 2 root root 0 Oct 22 18:35 pvc-test/
root@pod-test:/mnt# cd pvc-test/
root@pod-test:/mnt/pvc-test# ll
total 5
dr-xr-xr-x 2 root root 0 Oct 22 18:35 ./
drwxr-xr-x 1 root root 4096 Oct 22 19:24 ../
dr-xr-xr-x 2 root root 0 Sep 16 13:57 Corp/
dr-xr-xr-x 2 root root 0 Jul 31 20:03 InboundHL7/
dr-xr-xr-x 2 root root 0 Oct 22 18:29 TEMP-CLOUD-backup/
-r--r--r-- 1 root root 0 Oct 22 18:35 test.txt
root@pod-test:/mnt/pvc-test# cat test.txt
root@pod-test:/mnt/pvc-test# rm test.txt
root@pod-test:/mnt/pvc-test# touch test2.txt
root@pod-test:/mnt/pvc-test# ll
total 5
dr-xr-xr-x 2 root root 0 Oct 22 19:24 ./
drwxr-xr-x 1 root root 4096 Oct 22 19:24 ../
dr-xr-xr-x 2 root root 0 Sep 16 13:57 Corp/
dr-xr-xr-x 2 root root 0 Jul 31 20:03 InboundHL7/
dr-xr-xr-x 2 root root 0 Oct 22 18:29 TEMP-CLOUD-backup/
-r--r--r-- 1 root root 0 Oct 22 19:24 test2.txt
root@pod-test:/mnt/pvc-test#
Anything else we need to know?:
Environment:
lhadmin@bedpk8s001:~/jeenil$ kubectl get po -n kube-system -o yaml | grep registry.k8s | grep smb
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
imageID: registry.k8s.io/sig-storage/smbplugin@sha256:6ee890f4f53704dc7ed68fc967d216c7762a3496ff53c15bec98e6dc0f969daf
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
imageID: registry.k8s.io/sig-storage/smbplugin@sha256:6ee890f4f53704dc7ed68fc967d216c7762a3496ff53c15bec98e6dc0f969daf
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
imageID: registry.k8s.io/sig-storage/smbplugin@sha256:6ee890f4f53704dc7ed68fc967d216c7762a3496ff53c15bec98e6dc0f969daf
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
image: registry.k8s.io/sig-storage/smbplugin:v1.18.0
imageID: registry.k8s.io/sig-storage/smbplugin@sha256:6ee890f4f53704dc7ed68fc967d216c7762a3496ff53c15bec98e6dc0f969daf
lhadmin@bedpk8s001:~/jeenil$ kubectl version
Client Version: v1.34.1
Kustomize Version: v5.7.1
Server Version: v1.34.1
lhadmin@bedpk8s001:~/jeenil$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
lhadmin@bedpk8s001:~/jeenil$ uname -a
Linux bedpk8s001 5.15.0-156-generic #166-Ubuntu SMP Sat Aug 9 00:02:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
lhadmin@bedpk8s001:~/jeenil$
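A diagnostic for reports like the one above, as an added example that is not part of the original issue or the driver project: it parses `/proc/self/mountinfo` to show whether a mount point carries the kernel `ro` flag, separately from the `file_mode`/`dir_mode` bits that `ll` displays. The sample mountinfo lines and the names `mount_state` and `writes_blocked` are constructed for illustration.

```python
"""Report whether a mount point is read-only at the kernel level (see proc(5))."""
import sys
from typing import NamedTuple, Optional

# Constructed sample lines, not captured from the cluster in the report.
SAMPLE_MOUNTINFO = """\
790 620 0:48 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
812 790 0:55 / /mnt/pvc-test rw,relatime - cifs //fileserver.example/share rw,vers=3.0,file_mode=0444,dir_mode=0555
813 790 0:56 / /mnt/ro-test ro,relatime - cifs //fileserver.example/share ro,vers=3.0,file_mode=0444,dir_mode=0555
"""

class MountState(NamedTuple):
    fstype: str
    mount_ro: bool    # per-mount flag (6th field, before the " - " separator)
    super_ro: bool    # superblock option (last field, after the separator)
    mode_opts: dict   # file_mode / dir_mode: change displayed bits only

def _unescape(path: str) -> str:
    # mountinfo octal-escapes space, tab, newline and backslash in paths.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        path = path.replace(esc, ch)
    return path

def mount_state(mountinfo_text: str, mount_point: str) -> Optional[MountState]:
    found = None
    for line in mountinfo_text.splitlines():
        left, sep, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        if not sep or len(lf) < 6 or len(rf) < 3:
            continue  # malformed or truncated line
        if _unescape(lf[4]) != mount_point:
            continue
        sopts = rf[2].split(",")
        modes = {k: v for k, _, v in (o.partition("=") for o in sopts)
                 if k in ("file_mode", "dir_mode")}
        found = MountState(rf[0], "ro" in lf[5].split(","), "ro" in sopts, modes)
    return found  # last match wins: a later mount shadows an earlier one

def writes_blocked(state: MountState) -> bool:
    # Either flag makes the kernel reject writes; mode bits are not considered.
    return state.mount_ro or state.super_ro

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/mnt/pvc-test"
    with open("/proc/self/mountinfo") as fh:
        st = mount_state(fh.read(), target)
    print(target, "not a mount point" if st is None else
          f"{st.fstype} read_only={writes_blocked(st)} modes={st.mode_opts}")
```

Run inside the pod with the mount path as the argument; `read_only=False` alongside `0444`/`0555` modes means only the displayed permission bits were changed, not the mount itself.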