Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[1.20] BZ2015427 - Skip volume relabel for super privileged containers #5413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Oct 21, 2021
Merged

[1.20] BZ2015427 - Skip volume relabel for super privileged containers #5413

openshift-merge-robot merged 1 commit into from
Oct 21, 2021

Conversation

@saschagrunert
Copy link
Member

@saschagrunert saschagrunert commented Oct 19, 2021

What type of PR is this?

/kind feature

What this PR does / why we need it:

If a container or pod specifies the SELinux type spc_t, then we skip
the volume relabel.

Cherry-picked: 13182e6

Which issue(s) this PR fixes:

Refers to #5386

Special notes for your reviewer:

@cri-o/cri-o-maintainers PTAL

Does this PR introduce a user-facing change?

Skip SELinux volume relabeling for super privileged containers (`securityContext.seLinuxOptions.type = "spc_t"`).

@openshift-ci openshift-ci bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/feature Categorizes issue or PR as related to a new feature. labels Oct 19, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 19, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot requested review from sameo and vrothberg October 19, 2021 07:43
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 19, 2021
@saschagrunert saschagrunert force-pushed the release-1.20-spc_t-relabel-skip branch 2 times, most recently from a066dd6 to ae7e601 Compare October 19, 2021 07:44
@haircommander haircommander force-pushed the release-1.20-spc_t-relabel-skip branch from ae7e601 to 1dd9079 Compare October 20, 2021 19:43
@saschagrunert @haircommander
Skip volume relabel for super privileged containers
8475160 
If a container or pod specifies the SELinux type `spc_t`, then we skip
the volume relabel.

Cherry-picked: 13182e6
Signed-off-by: Sascha Grunert <[email protected]>
@haircommander haircommander force-pushed the release-1.20-spc_t-relabel-skip branch from 1dd9079 to 8475160 Compare October 20, 2021 19:59
@haircommander
Copy link
Member

haircommander commented Oct 20, 2021

/retest

@haircommander
Copy link
Member

haircommander commented Oct 21, 2021

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 21, 2021
@openshift-merge-robot openshift-merge-robot merged commit e80c8db into cri-o:release-1.20 Oct 21, 2021
@saschagrunert saschagrunert deleted the release-1.20-spc_t-relabel-skip branch October 21, 2021 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@runcom runcom Awaiting requested review from runcom runcom is a code owner

@sameo sameo Awaiting requested review from sameo

@vrothberg vrothberg Awaiting requested review from vrothberg

Assignees

@haircommander haircommander

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@saschagrunert @haircommander @openshift-merge-robot