Remove use of RootContext in empty_dir.go
@@ -25,7 +25,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
"k8s.io/kubernetes/pkg/types"
|
"k8s.io/kubernetes/pkg/types"
|
||||||
"k8s.io/kubernetes/pkg/util/mount"
|
"k8s.io/kubernetes/pkg/util/mount"
|
||||||
"k8s.io/kubernetes/pkg/util/selinux"
|
|
||||||
"k8s.io/kubernetes/pkg/util/strings"
|
"k8s.io/kubernetes/pkg/util/strings"
|
||||||
"k8s.io/kubernetes/pkg/volume"
|
"k8s.io/kubernetes/pkg/volume"
|
||||||
volumeutil "k8s.io/kubernetes/pkg/volume/util"
|
volumeutil "k8s.io/kubernetes/pkg/volume/util"
|
||||||
@@ -106,7 +105,6 @@ func (plugin *emptyDirPlugin) newMounterInternal(spec *volume.Spec, pod *api.Pod
|
|||||||
mounter: mounter,
|
mounter: mounter,
|
||||||
mountDetector: mountDetector,
|
mountDetector: mountDetector,
|
||||||
plugin: plugin,
|
plugin: plugin,
|
||||||
rootContext: plugin.host.GetRootContext(),
|
|
||||||
MetricsProvider: volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host)),
|
MetricsProvider: volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host)),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@@ -165,7 +163,6 @@ type emptyDir struct {
|
|||||||
mounter mount.Interface
|
mounter mount.Interface
|
||||||
mountDetector mountDetector
|
mountDetector mountDetector
|
||||||
plugin *emptyDirPlugin
|
plugin *emptyDirPlugin
|
||||||
rootContext string
|
|
||||||
volume.MetricsProvider
|
volume.MetricsProvider
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -203,17 +200,11 @@ func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Determine the effective SELinuxOptions to use for this volume.
|
|
||||||
securityContext := ""
|
|
||||||
if selinux.SELinuxEnabled() {
|
|
||||||
securityContext = ed.rootContext
|
|
||||||
}
|
|
||||||
|
|
||||||
switch ed.medium {
|
switch ed.medium {
|
||||||
case api.StorageMediumDefault:
|
case api.StorageMediumDefault:
|
||||||
err = ed.setupDir(dir)
|
err = ed.setupDir(dir)
|
||||||
case api.StorageMediumMemory:
|
case api.StorageMediumMemory:
|
||||||
err = ed.setupTmpfs(dir, securityContext)
|
err = ed.setupTmpfs(dir)
|
||||||
default:
|
default:
|
||||||
err = fmt.Errorf("unknown storage medium %q", ed.medium)
|
err = fmt.Errorf("unknown storage medium %q", ed.medium)
|
||||||
}
|
}
|
||||||
@@ -229,7 +220,7 @@ func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error {
|
|||||||
|
|
||||||
// setupTmpfs creates a tmpfs mount at the specified directory with the
|
// setupTmpfs creates a tmpfs mount at the specified directory with the
|
||||||
// specified SELinux context.
|
// specified SELinux context.
|
||||||
func (ed *emptyDir) setupTmpfs(dir string, selinux string) error {
|
func (ed *emptyDir) setupTmpfs(dir string) error {
|
||||||
if ed.mounter == nil {
|
if ed.mounter == nil {
|
||||||
return fmt.Errorf("memory storage requested, but mounter is nil")
|
return fmt.Errorf("memory storage requested, but mounter is nil")
|
||||||
}
|
}
|
||||||
@@ -247,17 +238,8 @@ func (ed *emptyDir) setupTmpfs(dir string, selinux string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// By default a tmpfs mount will receive a different SELinux context
|
glog.V(3).Infof("pod %v: mounting tmpfs for volume %v", ed.pod.UID, ed.volName)
|
||||||
// which is not readable from the SELinux context of a docker container.
|
return ed.mounter.Mount("tmpfs", dir, "tmpfs", nil /* options */)
|
||||||
var opts []string
|
|
||||||
if selinux != "" {
|
|
||||||
opts = []string{fmt.Sprintf("rootcontext=\"%v\"", selinux)}
|
|
||||||
} else {
|
|
||||||
opts = []string{}
|
|
||||||
}
|
|
||||||
|
|
||||||
glog.V(3).Infof("pod %v: mounting tmpfs for volume %v with opts %v", ed.pod.UID, ed.volName, opts)
|
|
||||||
return ed.mounter.Mount("tmpfs", dir, "tmpfs", opts)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// setupDir creates the directory with the specified SELinux context and
|
// setupDir creates the directory with the specified SELinux context and
|
||||||
|
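Review bot: The doc comment kept above `setupTmpfs` still says the mount is created "with the specified SELinux context", but the new signature `setupTmpfs(dir string)` takes no context and the mount is issued with `nil /* options */`. The removed comment explained that a tmpfs mount otherwise receives a context a docker container cannot read, and nothing in the visible hunks says what labels the volume now, so a reader cannot tell whether the pod can still read the mount on an SELinux-enforcing node. I would reword it along the lines of `// setupTmpfs creates a tmpfs mount at the specified directory; no SELinux mount option is set here, labeling is done by <component that relabels the volume>.` and name the real component. The bodies of SetUpAt and setupTmpfs extend beyond the hunks shown.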
@@ -33,9 +33,9 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Construct an instance of a plugin, by name.
|
// Construct an instance of a plugin, by name.
|
||||||
func makePluginUnderTest(t *testing.T, plugName, basePath, rootContext string) volume.VolumePlugin {
|
func makePluginUnderTest(t *testing.T, plugName, basePath string) volume.VolumePlugin {
|
||||||
plugMgr := volume.VolumePluginMgr{}
|
plugMgr := volume.VolumePluginMgr{}
|
||||||
plugMgr.InitPlugins(ProbeVolumePlugins(), volumetest.NewFakeVolumeHost(basePath, nil, nil, rootContext))
|
plugMgr.InitPlugins(ProbeVolumePlugins(), volumetest.NewFakeVolumeHost(basePath, nil, nil, "" /* rootContext */))
|
||||||
|
|
||||||
plug, err := plugMgr.FindPluginByName(plugName)
|
plug, err := plugMgr.FindPluginByName(plugName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -50,7 +50,7 @@ func TestCanSupport(t *testing.T) {
|
|||||||
t.Fatalf("can't make a temp dir: %v", err)
|
t.Fatalf("can't make a temp dir: %v", err)
|
||||||
}
|
}
|
||||||
defer os.RemoveAll(tmpDir)
|
defer os.RemoveAll(tmpDir)
|
||||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir, "" /* rootContext */)
|
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir)
|
||||||
|
|
||||||
if plug.GetPluginName() != "kubernetes.io/empty-dir" {
|
if plug.GetPluginName() != "kubernetes.io/empty-dir" {
|
||||||
t.Errorf("Wrong name: %s", plug.GetPluginName())
|
t.Errorf("Wrong name: %s", plug.GetPluginName())
|
||||||
@@ -75,44 +75,13 @@ func (fake *fakeMountDetector) GetMountMedium(path string) (storageMedium, bool,
|
|||||||
func TestPluginEmptyRootContext(t *testing.T) {
|
func TestPluginEmptyRootContext(t *testing.T) {
|
||||||
doTestPlugin(t, pluginTestConfig{
|
doTestPlugin(t, pluginTestConfig{
|
||||||
medium: api.StorageMediumDefault,
|
medium: api.StorageMediumDefault,
|
||||||
rootContext: "",
|
|
||||||
expectedSetupMounts: 0,
|
expectedSetupMounts: 0,
|
||||||
expectedTeardownMounts: 0})
|
expectedTeardownMounts: 0})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPluginRootContextSet(t *testing.T) {
|
|
||||||
if !selinuxEnabled() {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
doTestPlugin(t, pluginTestConfig{
|
|
||||||
medium: api.StorageMediumDefault,
|
|
||||||
rootContext: "user:role:type:range",
|
|
||||||
expectedSELinux: "user:role:type:range",
|
|
||||||
expectedSetupMounts: 0,
|
|
||||||
expectedTeardownMounts: 0})
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestPluginTmpfs(t *testing.T) {
|
|
||||||
if !selinuxEnabled() {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
doTestPlugin(t, pluginTestConfig{
|
|
||||||
medium: api.StorageMediumMemory,
|
|
||||||
rootContext: "user:role:type:range",
|
|
||||||
expectedSELinux: "user:role:type:range",
|
|
||||||
expectedSetupMounts: 1,
|
|
||||||
shouldBeMountedBeforeTeardown: true,
|
|
||||||
expectedTeardownMounts: 1})
|
|
||||||
}
|
|
||||||
|
|
||||||
type pluginTestConfig struct {
|
type pluginTestConfig struct {
|
||||||
medium api.StorageMedium
|
medium api.StorageMedium
|
||||||
rootContext string
|
|
||||||
SELinuxOptions *api.SELinuxOptions
|
|
||||||
idempotent bool
|
idempotent bool
|
||||||
expectedSELinux string
|
|
||||||
expectedSetupMounts int
|
expectedSetupMounts int
|
||||||
shouldBeMountedBeforeTeardown bool
|
shouldBeMountedBeforeTeardown bool
|
||||||
expectedTeardownMounts int
|
expectedTeardownMounts int
|
||||||
@@ -130,7 +99,7 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
|||||||
volumePath = path.Join(basePath, "pods/poduid/volumes/kubernetes.io~empty-dir/test-volume")
|
volumePath = path.Join(basePath, "pods/poduid/volumes/kubernetes.io~empty-dir/test-volume")
|
||||||
metadataDir = path.Join(basePath, "pods/poduid/plugins/kubernetes.io~empty-dir/test-volume")
|
metadataDir = path.Join(basePath, "pods/poduid/plugins/kubernetes.io~empty-dir/test-volume")
|
||||||
|
|
||||||
plug = makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath, config.rootContext)
|
plug = makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath)
|
||||||
volumeName = "test-volume"
|
volumeName = "test-volume"
|
||||||
spec = &api.Volume{
|
spec = &api.Volume{
|
||||||
Name: volumeName,
|
Name: volumeName,
|
||||||
@@ -142,24 +111,6 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
|||||||
pod = &api.Pod{ObjectMeta: api.ObjectMeta{UID: types.UID("poduid")}}
|
pod = &api.Pod{ObjectMeta: api.ObjectMeta{UID: types.UID("poduid")}}
|
||||||
)
|
)
|
||||||
|
|
||||||
// Set up the SELinux options on the pod
|
|
||||||
if config.SELinuxOptions != nil {
|
|
||||||
pod.Spec = api.PodSpec{
|
|
||||||
Containers: []api.Container{
|
|
||||||
{
|
|
||||||
SecurityContext: &api.SecurityContext{
|
|
||||||
SELinuxOptions: config.SELinuxOptions,
|
|
||||||
},
|
|
||||||
VolumeMounts: []api.VolumeMount{
|
|
||||||
{
|
|
||||||
Name: volumeName,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if config.idempotent {
|
if config.idempotent {
|
||||||
physicalMounter.MountPoints = []mount.MountPoint{
|
physicalMounter.MountPoints = []mount.MountPoint{
|
||||||
{
|
{
|
||||||
@@ -258,7 +209,7 @@ func TestPluginBackCompat(t *testing.T) {
|
|||||||
}
|
}
|
||||||
defer os.RemoveAll(basePath)
|
defer os.RemoveAll(basePath)
|
||||||
|
|
||||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath, "" /* rootContext */)
|
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath)
|
||||||
|
|
||||||
spec := &api.Volume{
|
spec := &api.Volume{
|
||||||
Name: "vol1",
|
Name: "vol1",
|
||||||
@@ -287,7 +238,7 @@ func TestMetrics(t *testing.T) {
|
|||||||
}
|
}
|
||||||
defer os.RemoveAll(tmpDir)
|
defer os.RemoveAll(tmpDir)
|
||||||
|
|
||||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir, "" /* rootContext */)
|
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir)
|
||||||
|
|
||||||
spec := &api.Volume{
|
spec := &api.Volume{
|
||||||
Name: "vol1",
|
Name: "vol1",
|
||||||
|
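Review bot: Deleting `TestPluginTmpfs` removes the only case in the visible hunks that runs `doTestPlugin` with `medium: api.StorageMediumMemory`, so the simplified `setupTmpfs` path and its one-mount/one-unmount expectation are no longer exercised. The test was skipped unless SELinux was enabled, presumably only because it asserted the rootcontext option; with that option gone it could run on every host. I would keep it with the `rootContext` and `expectedSELinux` fields dropped, as below. Most of doTestPlugin's body lies outside the hunks, so confirm it carries no remaining SELinux assertion before restoring the case.

```go
func TestPluginTmpfs(t *testing.T) {
	doTestPlugin(t, pluginTestConfig{
		medium:                        api.StorageMediumMemory,
		expectedSetupMounts:           1,
		shouldBeMountedBeforeTeardown: true,
		expectedTeardownMounts:        1})
}
```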