Bug
Resolution: Not a Bug
premerge, 4.15
Quality / Stability / Reliability
Description of problem:
Could not use SELinux when mounting an Azure disk volume
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Create pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc1
spec:
  storageClassName: "managed-csi"
  accessModes:
    - ReadWriteOncePod
  resources:
    requests:
      storage: 1Gi
2. Create pod
apiVersion: v1
kind: Pod
metadata:
  name: podsec2
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
    seLinuxOptions:
      level: s0:c26,c10
    seccompProfile:
      type: RuntimeDefault
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
        claimName: pvc1
  containers:
    - name: task-pv-container
      image: quay.io/openshifttest/hello-openshift@sha256:56c354e7885051b6bb4263f9faa58b2c292d44790599b7dde0e49e7c466cf339
      command: [ "sh", "-c", "sleep 1h" ]
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
3.
I1025 07:38:42.521824 1 nodeserver.go:279] NodePublishVolume: mounting /var/lib/kubelet/plugins/kubernetes.io/csi/disk.csi.azure.com/d3a349ef112d37479d790f6d60034f6b81623652764e129165bd634c9e059aa4/globalmount at /var/lib/kubelet/pods/672b0758-df79-491d-9ff2-58f9757f064c/volumes/kubernetes.io~csi/pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3/mount
I1025 07:38:42.521846 1 mount_linux.go:220] Mounting cmd (mount) with arguments ( -o bind /var/lib/kubelet/plugins/kubernetes.io/csi/disk.csi.azure.com/d3a349ef112d37479d790f6d60034f6b81623652764e129165bd634c9e059aa4/globalmount /var/lib/kubelet/pods/672b0758-df79-491d-9ff2-58f9757f064c/volumes/kubernetes.io~csi/pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3/mount)
I1025 07:38:42.523993 1 mount_linux.go:220] Mounting cmd (mount) with arguments ( -o bind,remount /var/lib/kubelet/plugins/kubernetes.io/csi/disk.csi.azure.com/d3a349ef112d37479d790f6d60034f6b81623652764e129165bd634c9e059aa4/globalmount /var/lib/kubelet/pods/672b0758-df79-491d-9ff2-58f9757f064c/volumes/kubernetes.io~csi/pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3/mount)
I1025 07:38:42.525718 1 nodeserver.go:284] NodePublishVolume: mount /var/lib/kubelet/plugins/kubernetes.io/csi/disk.csi.azure.com/d3a349ef112d37479d790f6d60034f6b81623652764e129165bd634c9e059aa4/globalmount at /var/lib/kubelet/pods/672b0758-df79-491d-9ff2-58f9757f064c/volumes/kubernetes.io~csi/pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3/mount successfully
sh-5.1# mount | grep pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3
/dev/sdc on /var/lib/kubelet/pods/672b0758-df79-491d-9ff2-58f9757f064c/volumes/kubernetes.io~csi/pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3/mount type ext4 (rw,relatime,context="system_u:object_r:container_file_t:s0:c10,c26")
sh-5.1# cat vol_data.json
{"driverName":"disk.csi.azure.com","seLinuxMountContext":"system_u:object_r:container_file_t:s0:c26,c10","volumeHandle":"/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-ipwkdpb-1d09d-xwssn-rg/providers/Microsoft.Compute/disks/pvc-544bba09-fba7-47a9-b5ca-a7c27359fef3"}
Actual results:
Expected results:
Additional info:
Discussion link: https://redhat-internal.slack.com/archives/GK0DA0JR5/p1698165916581209
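
The mount output and vol_data.json captured above carry the same label with the MCS categories listed in a different order (c10,c26 versus c26,c10). SELinux treats the categories of a level as a set, so the following added example (not part of the original report or of the CSI driver) compares the two labels by their parsed category sets instead of as strings. The function names and the shortened mount path are assumptions made for illustration.

```python
import json
import re

# Sample input: labels copied from the report; the mount path is shortened
# (constructed) and vol_data.json is reduced to the relevant keys.
MOUNT_LINE = ('/dev/sdc on /var/lib/kubelet/pods/POD_UID/mount type ext4 '
              '(rw,relatime,context="system_u:object_r:container_file_t:s0:c10,c26")')
VOL_DATA = ('{"driverName":"disk.csi.azure.com",'
            '"seLinuxMountContext":"system_u:object_r:container_file_t:s0:c26,c10"}')

def parse_level(level):
    """Return (sensitivity, frozenset of category numbers) for one MLS level."""
    sens, _, cats = level.partition(":")
    numbers = set()
    for item in filter(None, cats.split(",")):
        lo, _, hi = item.partition(".")      # "c0.c3" is the range c0..c3
        lo_n = int(lo.lstrip("c"))
        hi_n = int(hi.lstrip("c")) if hi else lo_n
        numbers.update(range(lo_n, hi_n + 1))
    return sens, frozenset(numbers)

def parse_context(context):
    """Split user:role:type:range; the range may itself contain ':' and '-'."""
    user, role, setype, mls = context.split(":", 3)
    low, _, high = mls.partition("-")
    return user, role, setype, parse_level(low), parse_level(high or low)

def mount_context(mount_line):
    """Extract the context= option, ignoring fscontext=/defcontext=/rootcontext=."""
    m = re.search(r'(?<![a-z])context="([^"]+)"', mount_line)
    return m.group(1) if m else None

def same_label(mount_line, vol_data_json):
    """True when the applied mount label equals the requested one semantically."""
    requested = json.loads(vol_data_json).get("seLinuxMountContext")
    applied = mount_context(mount_line)
    if not requested or not applied:
        return False
    return parse_context(requested) == parse_context(applied)

if __name__ == "__main__":
    print("labels equivalent:", same_label(MOUNT_LINE, VOL_DATA))
```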