Hello,

With the latest version of the provider and SELinux enabled on the worker nodes, pods fall into an error state.
The logs show permission denied:

```
F0712 10:30:24.765098 1 main.go:52] Failed to listen on unix socket. error: listen unix /etc/kubernetes/secrets-store-csi-providers/aws.sock: bind: permission denied
goroutine 1 [running]:
k8s.io/klog/v2.stacks(0xc000126001, 0xc0001662a0, 0xac, 0xda)
/home/ec2-user/go/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:996 +0xb9
k8s.io/klog/v2.(*loggingT).output(0x25bc120, 0xc000000003, 0x0, 0x0, 0xc0004bc150, 0x251e471, 0x7, 0x34, 0x0)
/home/ec2-user/go/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:945 +0x191
k8s.io/klog/v2.(*loggingT).printf(0x25bc120, 0x3, 0x0, 0x0, 0x195dfad, 0x2a, 0xc00041fef8, 0x1, 0x1)
/home/ec2-user/go/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:733 +0x17a
k8s.io/klog/v2.Fatalf(...)
/home/ec2-user/go/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:1463
main.main()
/home/ec2-user/secrets-store-csi-driver-provider-aws/main.go:52 +0x3be
goroutine 18 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x25bc120)
/home/ec2-user/go/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:1131 +0x8b
created by k8s.io/klog/v2.init.0
/home/ec2-user/go/pkg/mod/k8s.io/klog/v2@v2.3.0/klog.go:416 +0xd8
goroutine 20 [syscall]:
os/signal.signal_recv(0x0)
/usr/lib/golang/src/runtime/sigqueue.go:147 +0x9d
os/signal.loop()
/usr/lib/golang/src/os/signal/signal_unix.go:23 +0x25
created by os/signal.Notify.func1.1
/usr/lib/golang/src/os/signal/signal.go:150 +0x45
```

By adding a security option to disable SELinux on the pods, it works fine.

```yaml
securityContext:
  seLinuxOptions:
    type: spc_t
```

Do you have any ideas on how you could make it work natively with SELinux please?

Thanks
Just ran into the same issue, is there a workaround or an SELinux policy that can be applied?
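
One way to see which SELinux permissions the socket bind is being denied, as an added example that is not part of the issue or the provider's code: it parses AVC records from a node's audit log, groups them by source type, target type and object class, and prints the rules a targeted policy module would have to contain (what `audit2allow` derives), for review. The sample records, including the `container_t` and `etc_t` labels and the `provider` process name, are constructed assumptions; the labels on a real node may differ.

```python
import re
from collections import defaultdict

# Constructed audit records for illustration (not taken from the issue).
# The labels container_t / etc_t and the comm name are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1626085824.765:412): avc:  denied  { write } for  pid=4021 comm="provider" name="secrets-store-csi-providers" scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1626085824.765:413): avc:  denied  { create } for  pid=4021 comm="provider" name="aws.sock" scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:etc_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1626085824.765:413): arch=c000003e syscall=49 success=no exit=-13 comm="provider"
type=AVC msg=audit(1626085830.101:420): avc:  denied  { create } for  pid=4077 comm="provider" name="aws.sock" scontext=system_u:system_r:container_t:s0:c56,c78 tcontext=system_u:object_r:etc_t:s0 tclass=sock_file permissive=0
"""

# Captures the denied permission set and the three fields that identify a rule.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if match is None:
            continue  # SYSCALL and other record types carry no AVC decision
        key = (selinux_type(match["scontext"]),
               selinux_type(match["tcontext"]),
               match["tclass"])
        summary[key].update(match["perms"].split())
    return dict(summary)


def candidate_rules(summary):
    """Render each denial group as the allow rule that would permit it."""
    return sorted(
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in summary.items()
    )


if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

Repeated denials from different pods collapse into one rule because the MCS categories in the level field are ignored; only the type decides which rule is needed.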