vmware-tanzu / velero

Backup and migrate Kubernetes applications and their persistent volumes
https://velero.io
Apache License 2.0

backupPVC readOnly configuration doesn't work for SELinux #8249

Open Lyndon-Li opened 3 days ago

Lyndon-Li commented 3 days ago

See discussions in #8243: for data mover backup, if backupPVC readOnly is configured (design #7982, implementation #8109), VGDP always fails because of a permission denied error in an SELinux env.

Lyndon-Li commented 3 hours ago

@sseago @shubham-pampattiwar We discussed this issue locally, and we suggest doing more tests: we need to test with Ceph storage to see whether the snapshot clone is compromised once we remove the readOnly flag from volumeSource.

If a snapshot full clone is not happening, it means the backupPVC readOnly configuration is still working, at least for Ceph. Then we can consider removing the readOnly flag from volumeSource. Meanwhile, we need to document that supporting readOnly mount + SELinux is a limitation of Kubernetes; there may be problems using the backupPVC readOnly configuration feature in some envs.

cc @reasonerjt
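An added example (not Velero's code) illustrating the configuration this thread discusses: a small Python lint that flags PVC volume sources with readOnly set, the setting reported to fail with permission denied on SELinux nodes, and rewrites the pod spec so readOnly is dropped from the volumeSource. Expressing read-only on the container volumeMount instead is an assumption here, not something the thread concludes; the pod spec, claim name and image are constructed.

```python
import copy

def find_readonly_pvc_sources(pod_spec):
    """Return names of volumes whose persistentVolumeClaim source sets readOnly.
    This is the volumeSource-level flag the thread proposes removing."""
    hits = []
    for vol in pod_spec.get("volumes", []):
        pvc = vol.get("persistentVolumeClaim")
        if pvc and pvc.get("readOnly") is True:
            hits.append(vol["name"])
    return hits

def move_readonly_to_mounts(pod_spec):
    """Clear readOnly on flagged PVC volume sources and set readOnly on every
    container volumeMount that references them (assumed alternative, see lead-in).
    Returns a new spec; the input is left untouched."""
    spec = copy.deepcopy(pod_spec)
    flagged = set(find_readonly_pvc_sources(spec))
    for vol in spec.get("volumes", []):
        if vol["name"] in flagged:
            vol["persistentVolumeClaim"]["readOnly"] = False
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        for mount in container.get("volumeMounts", []):
            if mount["name"] in flagged:
                mount["readOnly"] = True
    return spec

# Constructed sample: a data-mover style pod whose backupPVC is attached through
# a volumeSource with readOnly set, i.e. the configuration the issue describes.
SAMPLE_POD_SPEC = {
    "containers": [{
        "name": "data-mover",
        "image": "example/data-mover:placeholder",  # placeholder image name
        "volumeMounts": [{"name": "backup-pvc", "mountPath": "/data"}],
    }],
    "volumes": [{
        "name": "backup-pvc",
        "persistentVolumeClaim": {"claimName": "example-backup-pvc", "readOnly": True},
    }],
}

if __name__ == "__main__":
    print("readOnly PVC sources:", find_readonly_pvc_sources(SAMPLE_POD_SPEC))
    fixed = move_readonly_to_mounts(SAMPLE_POD_SPEC)
    print("after rewrite:", find_readonly_pvc_sources(fixed),
          fixed["containers"][0]["volumeMounts"])
```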