From c0d0834f8dec293b3a11b60bdd18dcdb87cf5610 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 19 Jul 2016 22:42:49 -0400
Subject: [PATCH] One selinux enabled systems, it might require to relabel
 /var/lib/kubelet, otherwise following tests fail:

Summarizing 7 Failures:

[Fail] [k8s.io] ConfigMap [It] updates should be reflected in volume [Conformance]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e_node/configmap.go:131

[Fail] [k8s.io] ConfigMap [It] should be consumable from pods in volume as non-root with FSGroup [Feature:FSGroup]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e/framework/util.go:2115

[Fail] [k8s.io] ConfigMap [It] should be consumable from pods in volume with mappings as non-root [Conformance]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e/framework/util.go:2115

[Fail] [k8s.io] ConfigMap [It] should be consumable from pods in volumpe [Conformance]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e/framework/util.go:2115

[Fail] [k8s.io] ConfigMap [It] should be consumable from pods in volume with mappings [Conformance]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e/framework/util.go:2115

[Fail] [k8s.io] ConfigMap [It] should be consumable from pods in volume with mappings as non-root with FSGroup [Feature:FSGroup]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e/framework/util.go:2115

[Fail] [k8s.io] ConfigMap [It] should be consumable from pods in volume as non-root [Conformance]
/root/upstream-code/gocode/src/k8s.io/kubernetes/test/e2e/framework/util.go:2115
---
 hack/make-rules/test-e2e-node.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/hack/make-rules/test-e2e-node.sh b/hack/make-rules/test-e2e-node.sh
index 0640f6033ac..feb36a5f6c0 100755
--- a/hack/make-rules/test-e2e-node.sh
+++ b/hack/make-rules/test-e2e-node.sh
@@ -131,6 +131,21 @@ else
   if ! [[ $test_args =~ "--disable-kubenet" ]]; then
     test_args="$test_args --disable-kubenet=true"
   fi
+
+  # On selinux enabled systems, it might
+  # require to relabel /var/lib/kubelet
+  if which selinuxenabled &> /dev/null && \
+     selinuxenabled && \
+     which chcon > /dev/null ; then
+     mkdir -p /var/lib/kubelet
+     if [[ ! $(ls -Zd /var/lib/kubelet) =~ svirt_sandbox_file_t ]] ; then
+        echo "Applying SELinux label to /var/lib/kubelet directory."
+        if ! sudo chcon -Rt svirt_sandbox_file_t /var/lib/kubelet; then
+           echo "Failed to apply selinux label to /var/lib/kubelet."
+        fi
+     fi
+  fi
+
   # Test using the host the script was run on
   # Provided for backwards compatibility
   set -x