Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36333

NROP: rte SELinux policy is not removed when the NUMAResourcesOperator is deleted

XMLWordPrintable

    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      When a NUMAResourcesOperator resource is created, a MachineConfig named 51-numaresources-<mcp name> is created by the operator. This MC adds an SELinux module to the nodes, via a file and a systemd resource.

If the NUMAResourcesOperator resource is removed, the file and systemd resources are removed, but the SELinux module will stay in the active configuration.

      Version-Release number of selected component (if applicable):

      Seen with Openshift 4.14.26 and NUMA Resources Operator 4.14.5

      How reproducible:

      Always

      Steps to Reproduce:

          1. Deploy NUMA Resources Operator and create a NUMAResourcesOperator resource
    2. Once the environment is stable, delete the NUMAResourcesOperator resource     
    3. On one of the nodes included in the resource, run "semodule -l | grep rte"

      Actual results:

      rte SELinux module remains active.

      Expected results:

      The rte SELinux module should be removed.

      Additional info:

      This will not be seen often in production, but it may impact test environments or initial deployments, if the NUMAResourcesOperator resource is modified or removed as part of a troubleshooting exercise.

              fromani@redhat.com Francesco Romani
              jpena@redhat.com Javier Pena
              Roy Shemtov Roy Shemtov
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: