Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-61197

[4.20] SELinux warning controller does not report conflicts with ""

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 4.20.0
    • 4.20
    • Storage / Kubernetes
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Approved
    • None
    • In Progress
    • Release Note Not Required
    • None
    • None
    • None
    • None
    • None

      This is a clone of issue OCPBUGS-60946. The following is the description of the original issue:

      Description of problem:

      A pod with label :::s0:c0,c2 should conflicts with a pod with label ::: (or ""). Kubernetes does not report such a conflict.

      How reproducible:

      always

      Steps to Reproduce:

          1. Run two pods sharing the same PVC, one with spec.securityContext.seLinuxOptions.level = "s0:c0,c2" and the second one with `nil`. Make sure it's not defaulted by SCC, e.g. by running the second pod as privileged.

      Actual results:

      `oc describe pod` does not show any event about SELinux conflict

      Expected results:

      `oc describe pod` shows a conflict

      Additional info:

              rhn-engineering-jsafrane Jan Safranek
              rhn-engineering-jsafrane Jan Safranek
              None
              None
              Chao Yang Chao Yang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: