Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure the Selinux type tag when the AppArmor is disabled regardless of EnableSelinux flag #1339

Merged
merged 2 commits into from
Nov 30, 2022
Merged

Configure the Selinux type tag when the AppArmor is disabled regardless of EnableSelinux flag #1339

merged 2 commits into from
Nov 30, 2022

Conversation

ccojocar
Copy link
Contributor

@ccojocar ccojocar commented Nov 29, 2022
edited
Loading

  • Configure the Selinux type tag when the AppArmor is disabled regardless of EnableSelinux flag
  • Use the proper init container ID to avoid confusion

What type of PR is this?

/kind bug

What this PR does / why we need it:

This introduced a regression on Flatcar Linux. The SELinux type tag needs to be configured independent of EnableSelinux flag, because the SELinux can be active on the node regardless if the SELinux feature is enabled or not in the operator.
For instance, on Flatcar Linux SELinux type tag needs to be set to 'unconfined_t' instead of 'spc_t'
even though SELinux is disabled in order to get the containers to start.

Which issue(s) this PR fixes:

Does this PR have test?

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Configure the Selinux type tag when the AppArmor is disabled regardless of EnableSelinux flag.

@ccojocar
Configure the Selinux type tag when the AppArmor is disabled regardle…
855b270 
…ss of EnableSelinux flag

The SELinux type tag needs to be configured independent of EnableSelinux flag, because the
SELinux can be active on the node regardless if the SELinux feature is enabled or not in the operator.
For instance, on Flatcar Linux SELinux type tag needs to be set to 'unconfined_t' instead of 'spc_t'
even though SELinux is disabled in order to get the containers to start.
@ccojocar
Use the proper init container ID to avoid confusion
b7dcf8f
@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 29, 2022
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Nov 29, 2022
@ccojocar
Copy link
Contributor Author

@pjbgf please could you also have a look since was introduced in 025c4d1.

pjbgf
pjbgf approved these changes Nov 30, 2022
View reviewed changes
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 30, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ccojocar, pjbgf

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 30, 2022
@pjbgf
Copy link
Member

pjbgf commented Nov 30, 2022

The failure is orthogonal, and is highlighting we need to bump the ubi-image.

@pjbgf
Copy link
Member

pjbgf commented Nov 30, 2022

I am overriding the ubi-image failure and merging this. We need to handle the ubi-image fix as a separate PR.

@pjbgf pjbgf merged commit 552542e into kubernetes-sigs:main Nov 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pjbgf pjbgf pjbgf approved these changes

@JAORMX JAORMX Awaiting requested review from JAORMX

@Vincent056 Vincent056 Awaiting requested review from Vincent056

Assignees

@pjbgf pjbgf

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ccojocar @k8s-ci-robot @pjbgf