mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
Merge pull request #108156 from jsafrane/rename-selinuxsupport
Rename SupportsSELinux to SELinuxRelabel
This commit is contained in:
commit
eacbf87bfe
@ -175,7 +175,7 @@ func makeMounts(pod *v1.Pod, podDir string, container *v1.Container, hostName, h
|
||||
// If the volume supports SELinux and it has not been
|
||||
// relabeled already and it is not a read-only volume,
|
||||
// relabel it and mark it as labeled
|
||||
if vol.Mounter.GetAttributes().Managed && vol.Mounter.GetAttributes().SupportsSELinux && !vol.SELinuxLabeled {
|
||||
if vol.Mounter.GetAttributes().Managed && vol.Mounter.GetAttributes().SELinuxRelabel && !vol.SELinuxLabeled {
|
||||
vol.SELinuxLabeled = true
|
||||
relabelVolume = true
|
||||
}
|
||||
|
@ -350,9 +350,9 @@ var _ volume.Mounter = &awsElasticBlockStoreMounter{}
|
||||
|
||||
func (b *awsElasticBlockStoreMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -239,9 +239,9 @@ var _ volume.Mounter = &azureFileMounter{}
|
||||
|
||||
func (b *azureFileMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -56,9 +56,9 @@ func (m *azureDiskMounter) GetAttributes() volume.Attributes {
|
||||
readOnly = *volumeSource.ReadOnly
|
||||
}
|
||||
return volume.Attributes{
|
||||
ReadOnly: readOnly,
|
||||
Managed: !readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: readOnly,
|
||||
Managed: !readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -206,9 +206,9 @@ var _ volume.Mounter = &cephfsMounter{}
|
||||
|
||||
func (cephfsVolume *cephfsMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: cephfsVolume.readonly,
|
||||
Managed: false,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: cephfsVolume.readonly,
|
||||
Managed: false,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -371,9 +371,9 @@ type cinderVolume struct {
|
||||
|
||||
func (b *cinderVolumeMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -157,9 +157,9 @@ var _ volume.Mounter = &configMapVolumeMounter{}
|
||||
|
||||
func (sv *configMapVolume) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -352,9 +352,9 @@ func (c *csiMountMgr) podServiceAccountTokenAttrs() (map[string]string, error) {
|
||||
|
||||
func (c *csiMountMgr) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: c.readOnly,
|
||||
Managed: !c.readOnly,
|
||||
SupportsSELinux: c.supportsSELinux,
|
||||
ReadOnly: c.readOnly,
|
||||
Managed: !c.readOnly,
|
||||
SELinuxRelabel: c.supportsSELinux,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -153,9 +153,9 @@ var _ volume.Mounter = &downwardAPIVolumeMounter{}
|
||||
// downward API volumes are always ReadOnlyManaged
|
||||
func (d *downwardAPIVolume) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -219,9 +219,9 @@ type emptyDir struct {
|
||||
|
||||
func (ed *emptyDir) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: false,
|
||||
Managed: true,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: false,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -364,9 +364,9 @@ var _ volume.Mounter = &fcDiskMounter{}
|
||||
|
||||
func (b *fcDiskMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -45,9 +45,9 @@ func (f *mounterDefaults) SetUpAt(dir string, mounterArgs volume.MounterArgs) er
|
||||
func (f *mounterDefaults) GetAttributes() volume.Attributes {
|
||||
klog.V(5).Info(logPrefix(f.plugin), "using default GetAttributes")
|
||||
return volume.Attributes{
|
||||
ReadOnly: f.readOnly,
|
||||
Managed: !f.readOnly,
|
||||
SupportsSELinux: f.flexVolume.plugin.capabilities.SELinuxRelabel,
|
||||
ReadOnly: f.readOnly,
|
||||
Managed: !f.readOnly,
|
||||
SELinuxRelabel: f.flexVolume.plugin.capabilities.SELinuxRelabel,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -214,9 +214,9 @@ type flockerVolumeMounter struct {
|
||||
|
||||
func (b *flockerVolumeMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: false,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: false,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -354,9 +354,9 @@ var _ volume.Mounter = &gcePersistentDiskMounter{}
|
||||
|
||||
func (b *gcePersistentDiskMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -161,9 +161,9 @@ var _ volume.Mounter = &gitRepoVolumeMounter{}
|
||||
|
||||
func (b *gitRepoVolumeMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: false,
|
||||
Managed: true,
|
||||
SupportsSELinux: true, // xattr change should be okay, TODO: double check
|
||||
ReadOnly: false,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true, // xattr change should be okay, TODO: double check
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -251,9 +251,9 @@ var _ volume.Mounter = &glusterfsMounter{}
|
||||
|
||||
func (b *glusterfsMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: false,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: false,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -225,9 +225,9 @@ var _ volume.Mounter = &hostPathMounter{}
|
||||
|
||||
func (b *hostPathMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: false,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: false,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -346,9 +346,9 @@ var _ volume.Mounter = &iscsiDiskMounter{}
|
||||
|
||||
func (b *iscsiDiskMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -504,9 +504,9 @@ var _ volume.Mounter = &localVolumeMounter{}
|
||||
|
||||
func (m *localVolumeMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: m.readOnly,
|
||||
Managed: !m.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: m.readOnly,
|
||||
Managed: !m.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -18,11 +18,12 @@ package nfs
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
netutil "k8s.io/utils/net"
|
||||
"os"
|
||||
"runtime"
|
||||
"time"
|
||||
|
||||
netutil "k8s.io/utils/net"
|
||||
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/mount-utils"
|
||||
utilstrings "k8s.io/utils/strings"
|
||||
@ -232,9 +233,9 @@ var _ volume.Mounter = &nfsMounter{}
|
||||
|
||||
func (nfsMounter *nfsMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: nfsMounter.readOnly,
|
||||
Managed: false,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: nfsMounter.readOnly,
|
||||
Managed: false,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -18,10 +18,11 @@ package portworx
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/mount-utils"
|
||||
utilstrings "k8s.io/utils/strings"
|
||||
"os"
|
||||
|
||||
volumeclient "github.com/libopenstorage/openstorage/api/client/volume"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
@ -287,9 +288,9 @@ var _ volume.Mounter = &portworxVolumeMounter{}
|
||||
|
||||
func (b *portworxVolumeMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -168,9 +168,9 @@ var _ volume.Mounter = &projectedVolumeMounter{}
|
||||
|
||||
func (sv *projectedVolume) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -225,9 +225,9 @@ var _ volume.Mounter = &quobyteMounter{}
|
||||
|
||||
func (mounter *quobyteMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: mounter.readOnly,
|
||||
Managed: false,
|
||||
SupportsSELinux: false,
|
||||
ReadOnly: mounter.readOnly,
|
||||
Managed: false,
|
||||
SELinuxRelabel: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -19,28 +19,27 @@ package rbd
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
dstrings "strings"
|
||||
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/mount-utils"
|
||||
utilexec "k8s.io/utils/exec"
|
||||
utilstrings "k8s.io/utils/strings"
|
||||
|
||||
v1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
"k8s.io/kubernetes/pkg/volume"
|
||||
volutil "k8s.io/kubernetes/pkg/volume/util"
|
||||
"k8s.io/kubernetes/pkg/volume/util/volumepathhandler"
|
||||
"k8s.io/mount-utils"
|
||||
utilexec "k8s.io/utils/exec"
|
||||
utilstrings "k8s.io/utils/strings"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -832,9 +831,9 @@ var _ volume.Mounter = &rbdMounter{}
|
||||
|
||||
func (rbd *rbd) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: rbd.ReadOnly,
|
||||
Managed: !rbd.ReadOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: rbd.ReadOnly,
|
||||
Managed: !rbd.ReadOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -162,9 +162,9 @@ var _ volume.Mounter = &secretVolumeMounter{}
|
||||
|
||||
func (sv *secretVolume) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: true,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -328,9 +328,9 @@ var _ volume.Mounter = &storageosMounter{}
|
||||
|
||||
func (b *storageosMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: b.readOnly,
|
||||
Managed: !b.readOnly,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -686,9 +686,9 @@ func getUniqueVolumeName(spec *Spec) (string, error) {
|
||||
|
||||
func (_ *FakeVolume) GetAttributes() Attributes {
|
||||
return Attributes{
|
||||
ReadOnly: false,
|
||||
Managed: true,
|
||||
SupportsSELinux: true,
|
||||
ReadOnly: false,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -115,9 +115,9 @@ type Metrics struct {
|
||||
|
||||
// Attributes represents the attributes of this mounter.
|
||||
type Attributes struct {
|
||||
ReadOnly bool
|
||||
Managed bool
|
||||
SupportsSELinux bool
|
||||
ReadOnly bool
|
||||
Managed bool
|
||||
SELinuxRelabel bool
|
||||
}
|
||||
|
||||
// MounterArgs provides more easily extensible arguments to Mounter
|
||||
|
@ -208,8 +208,8 @@ type vsphereVolumeMounter struct {
|
||||
|
||||
func (b *vsphereVolumeMounter) GetAttributes() volume.Attributes {
|
||||
return volume.Attributes{
|
||||
SupportsSELinux: true,
|
||||
Managed: true,
|
||||
SELinuxRelabel: true,
|
||||
Managed: true,
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user