rancher / rke2-selinux

RKE2 selinux + RPM packaging for selinux
Apache License 2.0

Allow rke_logreader_t to read rancher logs #14

Closed cmurphy closed 3 years ago

cmurphy commented 3 years ago

Without this patch, logging aggregator pods for RKE1 cannot read symlinks under /var/lib/rancher/rke even though their rke_logreader_t label allows them to read container logs and docker logs. Add a policy and fcontext equivalent to the existing RKE2 log policy to allow containers with the rke_logreader_t label to read linked logs under /var/lib/rancher/rke/.

https://github.com/rancher/rancher/issues/30949

Needed by https://github.com/rancher/charts/pull/1049
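To confirm on a host the denial this pull request describes, the AVC records for the rke_logreader_t domain can be grouped by target label and object class. This is an added example, not code from the pull request or the rke2-selinux project; the audit lines are constructed, and the var_lib_t and var_log_t target labels, the process names and the example.log path are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (assumptions, not taken from the issue): pids, inodes,
# MCS categories, process names, example.log and the target labels are illustrative.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1610000000.101:501): avc:  denied  { read } for  pid=4121 comm="fluentd" name="example.log" dev="dm-0" ino=7001 scontext=system_u:system_r:rke_logreader_t:s0:c10,c20 tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file permissive=0
type=AVC msg=audit(1610000000.205:502): avc:  denied  { getattr } for  pid=4121 comm="fluentd" path="/var/lib/rancher/rke/example.log" dev="dm-0" ino=7001 scontext=system_u:system_r:rke_logreader_t:s0:c10,c20 tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file permissive=0
type=AVC msg=audit(1610000001.330:503): avc:  denied  { open } for  pid=977 comm="busybox" path="/var/log/messages" dev="dm-0" ino=99 scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1610000001.330:503): arch=c000003e syscall=257 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    # A context is user:role:type:level[:categories]; the type is the third field.
    return context.split(":")[2]

def denials_for_domain(log_text, domain):
    """Group denied permissions by (target type, object class) for one source domain."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if not m or selinux_type(m["scontext"]) != domain:
            continue
        key = (selinux_type(m["tcontext"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in grouped.items()}

def missing_rules(log_text, domain):
    """Render each group as the allow rule whose absence produced the denials."""
    return [
        f"allow {domain} {ttype}:{tclass} {{ {' '.join(perms)} }};"
        for (ttype, tclass), perms in sorted(denials_for_domain(log_text, domain).items())
    ]

if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_AUDIT_LOG, "rke_logreader_t"):
        print(rule)
```

The rendered rule is a diagnostic, not a policy to load as-is: granting access on a broad label such as var_lib_t would cover far more than the log symlinks.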

cmurphy commented 3 years ago

cc @dweomer @paynejacob