From 3335a5bb195474d521db8adfc18faa92e130f5c8 Mon Sep 17 00:00:00 2001 From: Paul Morie Date: Tue, 27 Sep 2016 11:19:54 -0400 Subject: [PATCH] Move SELinux proposal to docs/design --- docs/{proposals => design}/selinux.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) rename docs/{proposals => design}/selinux.md (97%) diff --git a/docs/proposals/selinux.md b/docs/design/selinux.md similarity index 97% rename from docs/proposals/selinux.md rename to docs/design/selinux.md index 7865263ea75..0b67ea4af9e 100644 --- a/docs/proposals/selinux.md +++ b/docs/design/selinux.md @@ -18,11 +18,6 @@ If you are using a released version of Kubernetes, you should refer to the docs that go with that version. - - -The latest release of this document can be found -[here](http://releases.k8s.io/release-1.4/docs/proposals/selinux.md). - Documentation for other releases can be found at [releases.k8s.io](http://releases.k8s.io). @@ -131,7 +126,8 @@ Kubernetes volumes can be divided into two broad categories: 3. Block device based volumes in `ReadOnlyMany` or `ReadWriteMany` modes are shared because they may be used simultaneously by multiple pods. -For unshared storage, SELinux handling for most volumes can be generalized into running a `chcon` operation on the volume directory after running the volume plugin's `Setup` function. For these +For unshared storage, SELinux handling for most volumes can be generalized into running a `chcon` +operation on the volume directory after running the volume plugin's `Setup` function. For these volumes, the Kubelet can perform the `chcon` operation and keep SELinux concerns out of the volume plugin code. Some volume plugins may need to use the SELinux context during a mount operation in certain cases. To account for this, our design must have a way for volume plugins to state that @@ -343,6 +339,8 @@ to manage labels individually. This allows the volume plugins to determine when they do and don't want this type of support from the Kubelet, and allows the criteria each plugin uses to evolve without changing the Kubelet. + + -[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/proposals/selinux.md?pixel)]() +[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/design/selinux.md?pixel)]()