1. Proposed title of this feature request

Selinux context mounts

2. What is the nature and description of the request?

As of today when selinux is enabled, the PV's files are relabeled when attaching the PV to the pod, this can cause timeout when the PVs contains lot of files as well as overloading the storage backend.

https://access.redhat.com/solutions/6221251 provides few workarounds until the proper fix is implemented. Unfortunately these workaround are not perfect and we need a long term seamless optimised solution.

This RFE tracks the long term solution where the PV FS will be mounted with the right selinux context thus avoiding to relabel every file.

3. Why does the customer need this? (List the business requirements here)

Selinux is a absolute must have when it comes to security enforcement. The current selinux implementation (labelling files) brings some serious issues with PV's attachment and can potentially cause problems to the storage backend.

4. List any affected packages or components.

OCP storage

KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1710-selinux-relabeling

Current targets: 4.13 Alpha - 4.14 beta/tech preview - GA will depends on beta/TP release date