From 04ad18ce4443587554c3e41ec2cbd11b12d2287f Mon Sep 17 00:00:00 2001
From: elbehery
Date: Mon, 11 Oct 2021 12:19:02 +0200
Subject: [PATCH] Run storage hostpath e2e test client pod as privileged hostPath volume plugin creates a directory within /tmp on host machine, to be mounted as volume. inject-pod writes content to the volume, and a client-pod tried the read the contents and verify. when SELinux is enabled on the host, client-pod can not read the content, with permission denied. running the client-pod as privileged, so that it can access the volume content, even when SEinux is enabled on the host.
---
 test/e2e/framework/volume/fixtures.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/test/e2e/framework/volume/fixtures.go b/test/e2e/framework/volume/fixtures.go
index 978ad8bd6db..3b32fa3f832 100644
--- a/test/e2e/framework/volume/fixtures.go
+++ b/test/e2e/framework/volume/fixtures.go
@@ -368,6 +368,16 @@ func runVolumeTesterPod(client clientset.Interface, timeouts *framework.TimeoutC
 var gracePeriod int64 = 1
 var command string
+ /**
+ This condition fixes running storage e2e tests in SELinux environment.
+ HostPath Volume Plugin creates a directory within /tmp on host machine, to be mounted as volume.
+ Inject-pod writes content to the volume, and a client-pod tries the read the contents and verify.
+ When SELinux is enabled on the host, client-pod can not read the content, with permission denied.
+ Invoking client-pod as privileged, so that it can access the volume content, even when SELinux is enabled on the host.
+ */
+ if config.Prefix == "hostpathsymlink" || config.Prefix == "hostpath" {
+ privileged = true
+ }
 command = "while true ; do sleep 2; done "
 seLinuxOptions := &v1.SELinuxOptions{Level: "s0:c0,c1"}
 clientPod := &v1.Pod{
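Review bot: The added `if config.Prefix == "hostpathsymlink" || config.Prefix == "hostpath"` block silently overwrites the caller's `privileged` argument, and a privileged container is a much wider grant than the SELinux read access the comment says is missing: it also receives all capabilities and host devices, and the `seLinuxOptions` level set two lines below presumably no longer confines it. As a result these two tests stop checking that a confined pod can read the volume, and they would be rejected on clusters whose admission policy forbids privileged pods. Consider having the hostPath callers pass `privileged` explicitly instead of matching on the prefix string here, or giving the pod an SELinux label that matches the host directory if the test environment allows it. If the override stays, replace the `/** … */` block with `//` line comments that state the trade-off, e.g. `// hostPath dirs keep the host's SELinux label; run privileged so SELinux does not confine this pod.` The body of runVolumeTesterPod starts and ends outside the hunk, so how `privileged` is consumed is not visible here.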