Re: [atomic-devel] SELinux permission problem with fedora 25 but not 24 when using emptyDir: {}
- From: Dusty Mabe <dusty dustymabe com>
- To: atomic-devel projectatomic io
- Subject: Re: [atomic-devel] SELinux permission problem with fedora 25 but not 24 when using emptyDir: {}
- Date: Sun, 15 Jan 2017 16:08:25 -0500
On 01/14/2017 10:09 AM, Muayyad AlSadi wrote:
> Hi,
>
> I have a kube spec like this (full yaml here https://paste.fedoraproject.org/527041/48440635/raw/)
>
> ...
> spec:
>   containers:
>   - name: mypod
>     image: fedora
>     imagePullPolicy: Always
>     command:
>     - /bin/bash
>     args:
>     - "-c"
>     - "sleep 3600"
>     volumeMounts:
>     - name: mydata
>       mountPath: /data
>   volumes:
>   - name: mydata
>     emptyDir: {}
>   securityContext: {}
> ...
>
> when I kubectl exec into it and type
>
> touch /data/something
>
> it gives a permission problem
>
> the directory ls -lhdZ .
>
> drwxrwxrwx. 2 root root system_u:object_r:var_lib_t:s0 6 Jan 14 15:06 .

I'm seeing the same thing. Will have to investigate further to get to
the bottom of it.

>
> docker inspect shows something like
>
> ...
> "MountLabel": "system_u:object_r:container_file_t:s0:c191,c610",
> "ProcessLabel": "system_u:system_r:container_t:s0:c191,c610",
> ...
> "Binds": [
> "/var/lib/kubelet/pods/fd1dba6c-da67-11e6-9f74-0aeaf5f6fe91/volumes/kubernetes.io~empty-dir/redis:/data",
> ...
> "SecurityOpt": [
> "seccomp=unconfined"
> ],
> ...
>
> do I have to adjust kube config or label /var/lib/kubelet/ ?
>
>
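
Added example (not part of either message, and not code from Kubernetes or Docker): a small Python check that parses the three labels quoted above and compares the volume directory's label with the MountLabel and ProcessLabel from docker inspect. It compares label strings only and does not evaluate the loaded SELinux policy; the function names are hypothetical and only single-level contexts like those in the thread are handled.

```python
from typing import FrozenSet, NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str
    categories: FrozenSet[int]

def parse_context(label: str) -> Context:
    """Split user:role:type:level[:categories]; single-level labels only."""
    parts = label.strip().split(":")
    if len(parts) not in (4, 5) or "-" in parts[3]:
        raise ValueError(f"unsupported SELinux context: {label!r}")
    cats = set()
    for item in (parts[4].split(",") if len(parts) == 5 else []):
        lo, _, hi = item.partition(".")          # "c0.c3" is a category range
        if not lo.startswith("c") or (hi and not hi.startswith("c")):
            raise ValueError(f"bad category {item!r} in {label!r}")
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        cats.update(range(first, last + 1))
    return Context(parts[0], parts[1], parts[2], parts[3], frozenset(cats))

def compare_volume_label(dir_label: str, mount_label: str, process_label: str) -> dict:
    """Compare a volume directory's label with the container's labels."""
    d, m, p = (parse_context(x) for x in (dir_label, mount_label, process_label))
    return {
        "dir_type": d.type,
        "mount_label_type": m.type,
        "type_matches_mount_label": d.type == m.type,
        # MCS: the process categories must include every category on the file.
        "mcs_dominated_by_process": d.level == p.level and d.categories <= p.categories,
        "categories_match_mount_label": d.categories == m.categories,
    }

# Labels copied from the thread: `ls -lhdZ .` and `docker inspect`.
DIR_LABEL = "system_u:object_r:var_lib_t:s0"
MOUNT_LABEL = "system_u:object_r:container_file_t:s0:c191,c610"
PROCESS_LABEL = "system_u:system_r:container_t:s0:c191,c610"

if __name__ == "__main__":
    for key, value in compare_volume_label(DIR_LABEL, MOUNT_LABEL, PROCESS_LABEL).items():
        print(f"{key}: {value}")
```

On the labels from the thread it reports a type mismatch (var_lib_t versus container_file_t) while the MCS check passes, since the directory carries no categories.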