From 4895c167bab9ae728b14acce91d1119fd3b8dbdf Mon Sep 17 00:00:00 2001 From: Jed Lejosne Date: Wed, 18 Jan 2023 13:29:42 -0500 Subject: [PATCH] KubeVirt: always set the feature gate that disables the custom SELinux policy Signed-off-by: Jed Lejosne --- .../hyperconverged/hyperconverged_controller_test.go | 1 + controllers/operands/kubevirt.go | 9 ++++----- controllers/operands/kubevirt_test.go | 4 ---- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/controllers/hyperconverged/hyperconverged_controller_test.go b/controllers/hyperconverged/hyperconverged_controller_test.go index 81de4ba484..2d2f6458cc 100644 --- a/controllers/hyperconverged/hyperconverged_controller_test.go +++ b/controllers/hyperconverged/hyperconverged_controller_test.go @@ -213,6 +213,7 @@ var _ = Describe("HyperconvergedController", func() { "NUMA", "WithHostPassthroughCPU", "VMExport", + "DisableCustomSELinuxPolicy", } // Get the KV kvList := &kubevirtcorev1.KubeVirtList{} diff --git a/controllers/operands/kubevirt.go b/controllers/operands/kubevirt.go index ba47d2421a..07364f7027 100644 --- a/controllers/operands/kubevirt.go +++ b/controllers/operands/kubevirt.go @@ -28,10 +28,6 @@ import ( hcoutil "github.com/kubevirt/hyperconverged-cluster-operator/pkg/util" ) -const ( - SELinuxLauncherType = "virt_launcher.process" -) - // env vars const ( kvmEmulationEnvName = "KVM_EMULATION" @@ -96,6 +92,9 @@ const ( // Export VMs to outside of the cluster kvVMExportGate = "VMExport" + + // Disable the installation and usage of the custom SELinux policy + kvDisableCustomSELinuxPolicyGate = "DisableCustomSELinuxPolicy" ) var ( @@ -112,6 +111,7 @@ var ( kvDownwardMetricsGate, kvNUMA, kvVMExportGate, + kvDisableCustomSELinuxPolicyGate, } // holds a list of mandatory KubeVirt feature gates. Some of them are the hard coded feature gates and some of @@ -355,7 +355,6 @@ func getKVConfig(hc *hcov1beta1.HyperConverged) (*kubevirtcorev1.KubeVirtConfigu config := &kubevirtcorev1.KubeVirtConfiguration{ DeveloperConfiguration: devConfig, - SELinuxLauncherType: SELinuxLauncherType, NetworkConfiguration: &kubevirtcorev1.NetworkConfiguration{ NetworkInterface: string(kubevirtcorev1.MasqueradeInterface), }, diff --git a/controllers/operands/kubevirt_test.go b/controllers/operands/kubevirt_test.go index f2c3765e8d..95b15e7451 100644 --- a/controllers/operands/kubevirt_test.go +++ b/controllers/operands/kubevirt_test.go @@ -238,8 +238,6 @@ Version: 1.2.3`) Expect(foundResource.Spec.Configuration.SMBIOSConfig.Sku).Should(Equal("1.2.3")) Expect(foundResource.Spec.Configuration.SMBIOSConfig.Version).Should(Equal("1.2.3")) - Expect(foundResource.Spec.Configuration.SELinuxLauncherType).Should(Equal(SELinuxLauncherType)) - Expect(foundResource.Spec.Configuration.NetworkConfiguration).ToNot(BeNil()) Expect(foundResource.Spec.Configuration.NetworkConfiguration.NetworkInterface).Should(Equal(string(kubevirtcorev1.MasqueradeInterface))) @@ -376,8 +374,6 @@ Version: 1.2.3`) Expect(foundResource.Spec.Configuration.SMBIOSConfig.Sku).Should(Equal("1.2.3")) Expect(foundResource.Spec.Configuration.SMBIOSConfig.Version).Should(Equal("1.2.3")) - Expect(foundResource.Spec.Configuration.SELinuxLauncherType).Should(Equal(SELinuxLauncherType)) - Expect(foundResource.Spec.Configuration.NetworkConfiguration).ToNot(BeNil()) Expect(foundResource.Spec.Configuration.NetworkConfiguration.NetworkInterface).Should(Equal(string(kubevirtcorev1.MasqueradeInterface)))