From 6e4504685f65ee00b8e1821236ca1465276969b4 Mon Sep 17 00:00:00 2001
From: Jan Safranek <jsafrane@redhat.com>
Date: Tue, 29 Oct 2024 13:39:44 +0100
Subject: [PATCH] Fix access mode evaluation

Now that SELinuxMount can support volumes with any access modes, length of
the access modes does not need to be 1. That was requirement for RWOP
volumes only.
---
 pkg/volume/util/selinux.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/volume/util/selinux.go b/pkg/volume/util/selinux.go
index d6ea382031e..9f567dbef74 100644
--- a/pkg/volume/util/selinux.go
+++ b/pkg/volume/util/selinux.go
@@ -174,16 +174,20 @@ func VolumeSupportsSELinuxMount(volumeSpec *volume.Spec) bool {
 	if volumeSpec.PersistentVolume == nil {
 		return false
 	}
-	if len(volumeSpec.PersistentVolume.Spec.AccessModes) != 1 {
-		return false
-	}
 	if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMount) {
 		return true
 	}
-	// Only SELinuxMountReadWriteOncePod feature enabled
-	if !v1helper.ContainsAccessMode(volumeSpec.PersistentVolume.Spec.AccessModes, v1.ReadWriteOncePod) {
+
+	// Only SELinuxMountReadWriteOncePod feature is enabled
+	if len(volumeSpec.PersistentVolume.Spec.AccessModes) != 1 {
+		// RWOP volumes must be the only access mode of the volume
 		return false
 	}
+	if !v1helper.ContainsAccessMode(volumeSpec.PersistentVolume.Spec.AccessModes, v1.ReadWriteOncePod) {
+		// Not a RWOP volume
+		return false
+	}
+	// RWOP volume
 	return true
 }