Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix chcon error -- Issue #640 #658

Merged
merged 4 commits into from
Jun 24, 2019
Merged

Fix chcon error -- Issue #640 #658

merged 4 commits into from
Jun 24, 2019

Conversation

wdurairaj
Copy link
Collaborator

Fix for issue #640

Issue summary:
On RHEL with SElinux enabled configuration, chcon command as part of dory mount process fails on the mount point of a NFS share.

Debug: 2019/06/03 16:06:48 flexvol.go:509: doMount: bind mounted dockerPath=/opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200 at flexvolPath=/var/lib/origin/openshift.local.volumes/pods/bbb2ba9d-85eb-11e9-b4ea-f40343a90200/volumes/hpe.com~hpe/sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200
Debug: 2019/06/03 16:06:48 cmd.go:33: ExecCommandOutput called with selinuxenabled[]
Debug: 2019/06/03 16:06:48 cmd.go:49: out :
Debug: 2019/06/03 16:06:48 selinux.go:32: selinuxenabled returned 0 and err=<nil>
Debug: 2019/06/03 16:06:48 selinux.go:43: Chcon about to change context of /opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200 to svirt_sandbox_file_t
Debug: 2019/06/03 16:06:48 cmd.go:33: ExecCommandOutput called with chcon[-t svirt_sandbox_file_t /opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200]
Debug: 2019/06/03 16:06:48 cmd.go:49: out :chcon: failed to change context of ‘/opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200’ to ‘system_u:object_r:svirt_sandbox_file_t:s0’: Operation not supported
Debug: 2019/06/03 16:06:48 cmd.go:49: out :
Info : 2019/06/03 16:06:48 dory.go:100: [13807] reply  : mount [/var/lib/origin/openshift.local.volumes/pods/bbb2ba9d-85eb-11e9-b4ea-f40343a90200/volumes/hpe.com~hpe/sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200 {"filePersona":"","fpg":"DockerFpg_0","kubernetes.io/fsType":"","kubernetes.io/pod.name":"pod-filepersona","kubernetes.io/pod.namespace":"default","kubernetes.io/pod.uid":"bbb2ba9d-85eb-11e9-b4ea-f40343a90200","kubernetes.io/pvOrVolumeName":"sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200","kubernetes.io/readwrite":"rw","kubernetes.io/serviceAccount.name":"default","name":"sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200"}]: {"status":"Failure","message":"rc=1"}

Fix is to set -o context="system_u:object_r:nfs_t:s0" as part of the mount command via the plugin itself.

@wdurairaj wdurairaj requested a review from imran-ansari June 18, 2019 13:53
@wdurairaj
Copy link
Collaborator Author

@imran-ansari , can you review this change ?

imran-ansari
imran-ansari approved these changes Jun 19, 2019
View reviewed changes
Copy link
Collaborator

@imran-ansari imran-ansari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@wdurairaj wdurairaj merged commit 73fcc74 into hpe-storage:plugin_v2 Jun 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imran-ansari imran-ansari imran-ansari approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wdurairaj @imran-ansari