github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 03:11:40 +00:00
Code Issues Projects Releases Wiki Activity

Add SELinux feature check for iSCSI volume plugin

Browse Source 
In theory the check is not necessary, but for sake of robustness and
completenes, let's check SELinuxMountReadWriteOncePod feature gate before
assuming anything about SELinux labels.
This commit is contained in:
Jan Safranek 2022-07-28 14:47:22 +02:00
parent 49148ddfd0
commit 4df3f58737
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/volume/iscsi/iscsi.go
View File

@ -24,7 +24,9 @@ import (
"strconv"
"strings"
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/klog/v2"
"k8s.io/kubernetes/pkg/features"
"k8s.io/mount-utils"
utilexec "k8s.io/utils/exec"
"k8s.io/utils/io"
@ -366,9 +368,12 @@ func (b *iscsiDiskMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e
if err != nil {
klog.Errorf("iscsi: failed to setup")
}
// The volume must have been mounted in MountDevice with -o context.
// TODO: extract from mount table in GetAttributes() to be sure?
b.mountedWithSELinuxContext = mounterArgs.SELinuxLabel != ""
if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
// The volume must have been mounted in MountDevice with -o context.
// TODO: extract from mount table in GetAttributes() to be sure?
b.mountedWithSELinuxContext = mounterArgs.SELinuxLabel != ""
}
return err
}