diff --git a/pkg/volume/csi/csi_attacher.go b/pkg/volume/csi/csi_attacher.go
index be0b2e4e695..8ffb3acf49c 100644
--- a/pkg/volume/csi/csi_attacher.go
+++ b/pkg/volume/csi/csi_attacher.go
@@ -320,6 +320,23 @@ func (c *csiAttacher) MountDevice(spec *volume.Spec, devicePath string, deviceMo
 }
 }
+ var mountOptions []string
+ if spec.PersistentVolume != nil && spec.PersistentVolume.Spec.MountOptions != nil {
+ mountOptions = spec.PersistentVolume.Spec.MountOptions
+ }
+
+ var seLinuxSupported bool
+ if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
+ support, err := c.plugin.SupportsSELinuxContextMount(spec)
+ if err != nil {
+ return errors.New(log("failed to query for SELinuxMount support: %s", err))
+ }
+ if support && deviceMounterArgs.SELinuxLabel != "" {
+ mountOptions = util.AddSELinuxMountOption(mountOptions, deviceMounterArgs.SELinuxLabel)
+ seLinuxSupported = true
+ }
+ }
+
 // Store volume metadata for UnmountDevice. Keep it around even if the
 // driver does not support NodeStage, UnmountDevice still needs it.
 if err = os.MkdirAll(deviceMountPath, 0750); err != nil {
@@ -328,9 +345,12 @@ func (c *csiAttacher) MountDevice(spec *volume.Spec, devicePath string, deviceMo
 klog.V(4).Info(log("created target path successfully [%s]", deviceMountPath))
 dataDir := filepath.Dir(deviceMountPath)
 data := map[string]string{
- volDataKey.volHandle: csiSource.VolumeHandle,
- volDataKey.driverName: csiSource.Driver,
- volDataKey.seLinuxMountContext: deviceMounterArgs.SELinuxLabel,
+ volDataKey.volHandle: csiSource.VolumeHandle,
+ volDataKey.driverName: csiSource.Driver,
+ }
+
+ if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) && seLinuxSupported {
+ data[volDataKey.seLinuxMountContext] = deviceMounterArgs.SELinuxLabel
 }
 err = saveVolumeData(dataDir, volDataFileName, data)
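Review bot: The name `seLinuxSupported` suggests driver capability, but the flag is set only when `support` is true and `deviceMounterArgs.SELinuxLabel` is non-empty, that is, when the context option was actually added to `mountOptions`. Because the next hunk uses this flag to decide whether the label is persisted in the volume data, a name such as `seLinuxMountApplied`, or a comment like `// true only if the SELinux context was added to mountOptions`, would make that contract explicit. Separately, `mountOptions` aliases `spec.PersistentVolume.Spec.MountOptions`; if `util.AddSELinuxMountOption` appends to its argument (its body is not shown here), copying the slice first would keep the PV object's backing array untouched. MountDevice starts and ends outside this hunk.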
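Review bot: The feature-gate test in `if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) && seLinuxSupported {` is redundant, because `seLinuxSupported` can only become true inside the gated branch added earlier in MountDevice; `if seLinuxSupported {` states the same condition. The `seLinuxMountContext` key is now absent from the saved data whenever no context mount was applied, so a comment such as `// Record the SELinux context only when it was passed as a mount option; a missing key means no context mount.` would document what readers of the volume data file should expect. Whether every consumer of that file tolerates a missing key cannot be checked from this hunk.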
@@ -364,21 +384,6 @@ func (c *csiAttacher) MountDevice(spec *volume.Spec, devicePath string, deviceMo
 accessMode = spec.PersistentVolume.Spec.AccessModes[0]
 }
- var mountOptions []string
- if spec.PersistentVolume != nil && spec.PersistentVolume.Spec.MountOptions != nil {
- mountOptions = spec.PersistentVolume.Spec.MountOptions
- }
-
- if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
- support, err := c.plugin.SupportsSELinuxContextMount(spec)
- if err != nil {
- return errors.New(log("failed to query for SELinuxMount support: %s", err))
- }
- if support && deviceMounterArgs.SELinuxLabel != "" {
- mountOptions = util.AddSELinuxMountOption(mountOptions, deviceMounterArgs.SELinuxLabel)
- }
- }
-
 var nodeStageFSGroupArg *int64
 driverSupportsCSIVolumeMountGroup, err := csi.NodeSupportsVolumeMountGroup(ctx)
 if err != nil {
diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go
index bf9014238d6..1974b036753 100644
--- a/pkg/volume/csi/csi_mounter.go
+++ b/pkg/volume/csi/csi_mounter.go
@@ -275,6 +275,10 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
 volDataKey.attachmentID: getAttachmentName(volumeHandle, string(c.driverName), nodeName),
 }
+ if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) && selinuxLabelMount {
+ volData[volDataKey.seLinuxMountContext] = mounterArgs.SELinuxLabel
+ }
+
 err = saveVolumeData(parentDir, volDataFileName, volData)
 defer func() {
 // Only if there was an error and volume operation was considered
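Review bot: The new `if` in SetUpAt persists `mounterArgs.SELinuxLabel` with no comment explaining why the write is conditional, and `selinuxLabelMount` is assigned outside this hunk, so it is not visible here whether it guarantees a non-empty label. A short comment would help, for example `// Record the SELinux context only when it was handed to the driver as a mount option, so the saved data matches the actual mount.` If `selinuxLabelMount` is only ever set under the same feature gate (presumably, by analogy with `seLinuxSupported` in csi_attacher.go), the gate check in this condition is redundant and could be dropped. SetUpAt starts and ends outside this hunk.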