github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Update SELinux context log

Browse Source 
SELinux context discovered from Pod is not final, it can be cleared when a
volume plugin does not support SELinux or the volume is not
ReadWriteOncePod. Update the existing log line + add a new one for easier
debugging.
This commit is contained in:
Jan Safranek 2022-11-03 17:40:17 +01:00
parent e575e60ea4
commit cf912a2512
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/kubelet/volumemanager/cache/desired_state_of_world.go vendored
View File

@ -290,7 +290,7 @@ func (dsw *desiredStateOfWorld) AddPodToVolume(
if err != nil { if err != nil {
return "", err return "", err
} }
klog.V(4).InfoS("volume final SELinux label decided", "volume", volumeSpec.Name(), "label", seLinuxFileLabel) klog.V(4).InfoS("expected volume SELinux label context", "volume", volumeSpec.Name(), "label", seLinuxFileLabel)
if vol, volumeExists := dsw.volumesToMount[volumeName]; !volumeExists { if vol, volumeExists := dsw.volumesToMount[volumeName]; !volumeExists {
var sizeLimit *resource.Quantity var sizeLimit *resource.Quantity
@ -309,6 +309,7 @@ func (dsw *desiredStateOfWorld) AddPodToVolume(
} }
if !util.VolumeSupportsSELinuxMount(volumeSpec) { if !util.VolumeSupportsSELinuxMount(volumeSpec) {
// Clear SELinux label for the volume with unsupported access modes. // Clear SELinux label for the volume with unsupported access modes.
klog.V(4).InfoS("volume does not support SELinux context mount, clearing the expected label", "volume", volumeSpec.Name())
seLinuxFileLabel = "" seLinuxFileLabel = ""
} }
if seLinuxFileLabel != "" { if seLinuxFileLabel != "" {