From d77ee0d53fac017f976ef750fa5ba1959166e9ba Mon Sep 17 00:00:00 2001
From: Vincent Batts
Date: Fri, 21 Aug 2020 16:11:36 -0400
Subject: [PATCH] cluster/plan: don't relabel /lib/modules by default

As this logic went, it would relabel /lib/modules, except on enterprise linux and when SELinux is enabled (even just permisive). Flatcar Container Linux defaults to SELinux on, but permisive, and `/lib/modules/` is a symlink to the read-only `/usr`. So `./rke up` would fail on attempting to relabel /usr. The prior work around is to set `SELINUX=disable` in /etc/selinux/config.

Signed-off-by: Vincent Batts
---
 cluster/plan.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/cluster/plan.go b/cluster/plan.go
index 042bb5cd..000ad8a5 100644
--- a/cluster/plan.go
+++ b/cluster/plan.go
@@ -602,11 +602,7 @@ func (c *Cluster) BuildKubeProxyProcess(host *hosts.Host, serviceOptions v3.Kube
 "/run:/run",
 }
 
- BindModules := "/lib/modules:/lib/modules:z,ro"
- if hosts.IsEnterpriseLinuxHost(host) && hosts.IsDockerSELinuxEnabled(host) && !hosts.IsEnterpriseLinuxDocker(host) {
- // Avoid relabing on Enterprise Linux with Docker SELinux and upstream Docker
- BindModules = "/lib/modules:/lib/modules:ro"
- }
+ BindModules := "/lib/modules:/lib/modules:ro"
 Binds = append(Binds, BindModules)
 }
 Binds = append(Binds, host.GetExtraBinds(kubeproxy.BaseService)...)
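Review bot: The new `BindModules := "/lib/modules:/lib/modules:ro"` line replaces a block whose comment was the only in-code explanation of the SELinux handling, so nothing now says that leaving out `:z` is deliberate. I would put `// No :z: never relabel the host's /lib/modules (it can be a symlink into a read-only /usr); the mount stays read-only.` above it, so a later change does not reintroduce relabeling of a host system directory. The commit message only covers SELinux in permissive mode. On hosts running in enforcing mode the previous default relied on the relabel, so reads of this mount now presumably depend on the container's SELinux domain being allowed to read the host's existing label on that tree; that is worth confirming before merge. The enclosing function BuildKubeProxyProcess begins and ends outside the hunk.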