github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 03:33:56 +00:00
Code Issues Projects Releases Wiki Activity

Don't guess SELinux support on error

Browse Source 
When GetSELinuxSupport() fails, don't assume a mounted filesystem does not
support SELinux at all. Try again instead in the next SetUp retry.

This may hurt performance a bit, since kubelet will call NodePublishVolume
again, but it's better than providing wrong information to the container
runtime that will then skip relabeling of the volume.
This commit is contained in:
Jan Safranek 2021-10-27 11:47:05 +02:00
parent dba9975e3e
commit 186810eb47
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/volume/csi/csi_mounter.go
View File

@ -276,7 +276,8 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
c.supportsSELinux, err = c.kubeVolHost.GetHostUtil().GetSELinuxSupport(dir) c.supportsSELinux, err = c.kubeVolHost.GetHostUtil().GetSELinuxSupport(dir)
if err != nil { if err != nil {
klog.V(2).Info(log("error checking for SELinux support: %s", err)) // The volume is mounted. Return UncertainProgressError, so kubelet will unmount it when user deletes the pod.
return volumetypes.NewUncertainProgressError(fmt.Sprintf("error checking for SELinux support: %s", err))
} }
if !driverSupportsCSIVolumeMountGroup && c.supportsFSGroup(fsType, mounterArgs.FsGroup, c.fsGroupPolicy) { if !driverSupportsCSIVolumeMountGroup && c.supportsFSGroup(fsType, mounterArgs.FsGroup, c.fsGroupPolicy) {