hpe-storage / python-hpedockerplugin

HPE Native Docker Plugin
Apache License 2.0

Fix chcon error -- Issue #640 #658

Closed wdurairaj closed 5 years ago

wdurairaj commented 5 years ago

Fix for issue #640

Issue summary: On RHEL with SELinux enabled, the chcon command run as part of the dory mount process fails on the mount point of an NFS share.

Debug: 2019/06/03 16:06:48 flexvol.go:509: doMount: bind mounted dockerPath=/opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200 at flexvolPath=/var/lib/origin/openshift.local.volumes/pods/bbb2ba9d-85eb-11e9-b4ea-f40343a90200/volumes/hpe.com~hpe/sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200
Debug: 2019/06/03 16:06:48 cmd.go:33: ExecCommandOutput called with selinuxenabled[]
Debug: 2019/06/03 16:06:48 cmd.go:49: out :
Debug: 2019/06/03 16:06:48 selinux.go:32: selinuxenabled returned 0 and err=<nil>
Debug: 2019/06/03 16:06:48 selinux.go:43: Chcon about to change context of /opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200 to svirt_sandbox_file_t
Debug: 2019/06/03 16:06:48 cmd.go:33: ExecCommandOutput called with chcon[-t svirt_sandbox_file_t /opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200]
Debug: 2019/06/03 16:06:48 cmd.go:49: out :chcon: failed to change context of ‘/opt/hpe/data/hpedocker-bbb2ba9d-85eb-11e9-b4ea-f40343a90200’ to ‘system_u:object_r:svirt_sandbox_file_t:s0’: Operation not supported
Debug: 2019/06/03 16:06:48 cmd.go:49: out :
Info : 2019/06/03 16:06:48 dory.go:100: [13807] reply  : mount [/var/lib/origin/openshift.local.volumes/pods/bbb2ba9d-85eb-11e9-b4ea-f40343a90200/volumes/hpe.com~hpe/sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200 {"filePersona":"","fpg":"DockerFpg_0","kubernetes.io/fsType":"","kubernetes.io/pod.name":"pod-filepersona","kubernetes.io/pod.namespace":"default","kubernetes.io/pod.uid":"bbb2ba9d-85eb-11e9-b4ea-f40343a90200","kubernetes.io/pvOrVolumeName":"sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200","kubernetes.io/readwrite":"rw","kubernetes.io/serviceAccount.name":"default","name":"sc-personafile-3f5e1c79-85eb-11e9-b4ea-f40343a90200"}]: {"status":"Failure","message":"rc=1"}

The fix is to set -o context="system_u:object_r:nfs_t:s0" as part of the mount command via the plugin itself.
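A sketch of the mount-time labelling described above, added here as an example and not taken from this pull request or the plugin's code. The function names, the `mount -t nfs` argv layout and the validation rules are assumptions; only the context string comes from the description.

```python
import re
import subprocess

# Label named in the PR description; used as the default here.
NFS_CONTEXT = "system_u:object_r:nfs_t:s0"


def selinux_enabled():
    """True when `selinuxenabled` exits 0, matching the debug log above."""
    try:
        return subprocess.run(["selinuxenabled"], check=False).returncode == 0
    except FileNotFoundError:  # SELinux userland tools not installed
        return False


def check_context(ctx):
    """Reject values that could break out of the quoted context= option."""
    fields = ctx.split(":")  # user:role:type:level[:categories]
    if len(fields) < 4 or not all(fields) or re.search(r'[\s"\\]', ctx):
        raise ValueError("malformed SELinux context: %r" % ctx)
    return ctx


def nfs_mount_argv(share, mount_point, options=(), context=NFS_CONTEXT,
                   selinux=None):
    """Build argv for an NFS mount, labelling the whole mount on SELinux hosts.

    The label is applied by the kernel at mount time, so no chcon call is
    needed on the mount point afterwards.
    """
    if selinux is None:
        selinux = selinux_enabled()
    opts = [o for o in options if o]
    # Respect a context the caller already chose; never emit it twice.
    has_context = any(o.startswith("context=") for o in opts)
    if selinux and not has_context:
        # Double quotes are passed through to mount(8) so that commas in an
        # MCS level (e.g. s0:c1,c2) are not read as option separators.
        opts.append('context="%s"' % check_context(context))
    argv = ["mount", "-t", "nfs"]
    if opts:
        argv += ["-o", ",".join(opts)]
    # Returned as a list so it can be executed without a shell.
    return argv + [share, mount_point]
```
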

wdurairaj commented 5 years ago

@imran-ansari, can you review this change?