github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #104551 from Elbehery/unprivileged_storage_client

Browse Source 
[sig-storage] Run storage e2e test_client_pod as privileged
This commit is contained in:
Kubernetes Prow Robot 2021-10-20 05:01:58 -07:00 committed by GitHub
commit d5de03f0d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
test/e2e/framework/volume/fixtures.go
View File

@ -368,6 +368,16 @@ func runVolumeTesterPod(client clientset.Interface, timeouts *framework.TimeoutC
var gracePeriod int64 = 1 var gracePeriod int64 = 1
var command string var command string
/**
This condition fixes running storage e2e tests in SELinux environment.
HostPath Volume Plugin creates a directory within /tmp on host machine, to be mounted as volume.
Inject-pod writes content to the volume, and a client-pod tries the read the contents and verify.
When SELinux is enabled on the host, client-pod can not read the content, with permission denied.
Invoking client-pod as privileged, so that it can access the volume content, even when SELinux is enabled on the host.
*/
if config.Prefix == "hostpathsymlink" || config.Prefix == "hostpath" {
privileged = true
}
command = "while true ; do sleep 2; done " command = "while true ; do sleep 2; done "
seLinuxOptions := &v1.SELinuxOptions{Level: "s0:c0,c1"} seLinuxOptions := &v1.SELinuxOptions{Level: "s0:c0,c1"}
clientPod := &v1.Pod{ clientPod := &v1.Pod{