
[atomic-devel] SELinux permission problem with fedora 25 but not 24 when using emptyDir: {}



Hi,

I have a kube spec like this (full yaml here https://paste.fedoraproject.org/527041/48440635/raw/)

...
    spec:
      containers:
        - name: mypod
          image: fedora
          imagePullPolicy: Always
          command:
            - /bin/bash
          args:
            - "-c"
            - "sleep 3600"
          volumeMounts:
            - name: mydata
              mountPath: /data
      volumes:
        - name: mydata
          emptyDir: {}
      securityContext: {}
...

When I kubectl exec into it and type

touch /data/something

it gives a permission problem.

The directory, with ls -lhdZ .

drwxrwxrwx. 2 root root system_u:object_r:var_lib_t:s0 6 Jan 14 15:06 .

docker inspect shows something like

...
        "MountLabel": "system_u:object_r:container_file_t:s0:c191,c610",
        "ProcessLabel": "system_u:system_r:container_t:s0:c191,c610",
...
            "Binds": [
                "/var/lib/kubelet/pods/fd1dba6c-da67-11e6-9f74-0aeaf5f6fe91/volumes/kubernetes.io~empty-dir/redis:/data",
...
            "SecurityOpt": [
                "seccomp=unconfined"
            ],
...

Do I have to adjust kube config or label /var/lib/kubelet/?
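
Added example, not part of the original post: a small Python check that lines up the label on the volume directory with the labels docker inspect reports for the container. The inputs are constructed from the values quoted above; the function names are hypothetical, and the check only compares labels (type and MCS categories), it does not evaluate SELinux policy.

```python
import json

# Constructed inputs: the two labels and the ls -Z line are the values quoted in the post.
INSPECT = json.loads("""{
  "MountLabel": "system_u:object_r:container_file_t:s0:c191,c610",
  "ProcessLabel": "system_u:system_r:container_t:s0:c191,c610"
}""")
LS_LINE = "drwxrwxrwx. 2 root root system_u:object_r:var_lib_t:s0 6 Jan 14 15:06 ."


def parse_context(ctx):
    """Split user:role:type:sensitivity[:categories] into (type, category set).

    Assumption: categories are a plain comma list (c191,c610); ranges such as
    c0.c1023 are not expanded here.
    """
    parts = ctx.split(":")
    if len(parts) < 4:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    cats = parts[4] if len(parts) > 4 else ""
    return parts[2], frozenset(c for c in cats.split(",") if c)


def context_from_ls(line):
    """Return the context column of one `ls -Z` line (the only field with 3+ colons)."""
    for field in line.split():
        if field.count(":") >= 3:
            return field
    raise ValueError("no SELinux context found")


def label_findings(file_ctx, inspect):
    """Compare a volume directory's label with what the container was started with."""
    file_type, file_cats = parse_context(file_ctx)
    mount_type, _ = parse_context(inspect["MountLabel"])
    _, proc_cats = parse_context(inspect["ProcessLabel"])
    findings = []
    if file_type != mount_type:
        findings.append(f"type {file_type} differs from MountLabel type {mount_type}")
    # MCS: the process categories must include every category on the file.
    if not file_cats <= proc_cats:
        extra = ",".join(sorted(file_cats - proc_cats))
        findings.append(f"file categories not held by the process: {extra}")
    return findings


if __name__ == "__main__":
    for finding in label_findings(context_from_ls(LS_LINE), INSPECT):
        print(finding)
```
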


