Can't mount tmpfs in userspace if SELinux engine not initialized #447
Comments
selinux configuration files were being installed in /etc, which isn't updated over upgrades. I'm fixing this up now.
We were installing selinux configuration files in /etc which caused problems on upgrades. Move them into /usr and ensure that systemd sets up appropriate temporary files. Fixes coreos/bugs#447
This isn't quite fixed yet - the tmpfile creation is happening after selinux attempts to load the config
But I'd also note that nothing should assume that merely because the system has selinux enabled it has a loaded policy - I'll also try to fix up bits of userspace that are broken by this.
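The distinction drawn in the comment above (SELinux enabled versus a policy actually loaded) can be checked from userspace. The following is an added example, not code from this thread or from CoreOS; the `ROOT` argument is a hypothetical prefix that lets the check run against a constructed directory tree, and it relies on the kernel reporting the initial SID name `kernel` as the task context until a policy is loaded.

```shell
#!/bin/sh
# Added example (not from the thread): report whether SELinux is merely
# enabled in the kernel or also has a policy loaded.
#
# selinux_state [ROOT]
#   ROOT is a hypothetical path prefix used for testing against a
#   constructed tree; leave it empty to inspect the live system.
# Prints one of: disabled, enabled-no-policy, permissive, enforcing, unknown
selinux_state() {
    root="${1:-}"
    fs="$root/sys/fs/selinux"

    # selinuxfs is absent when SELinux is compiled out or disabled at boot.
    if [ ! -e "$fs/enforce" ]; then
        echo disabled
        return 0
    fi

    # The context is NUL-terminated; strip the terminator and any newline.
    ctx=$(cat "$root/proc/self/attr/current" 2>/dev/null | tr -d '\000\n') || ctx=""
    if [ -z "$ctx" ]; then
        echo unknown
        return 0
    fi

    # Until a policy is loaded every task carries the initial SID, whose
    # name is the bare string "kernel" rather than a user:role:type context.
    if [ "$ctx" = "kernel" ]; then
        echo enabled-no-policy
        return 0
    fi

    if [ "$(cat "$fs/enforce" 2>/dev/null)" = "1" ]; then
        echo enforcing
    else
        echo permissive
    fi
}

# Stand-alone use: classify the running system.
selinux_state "$@"
```

A result of `enabled-no-policy` is the state the comment warns about: the LSM is active, but userspace that assumes labels and policy decisions are available will misbehave.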
Also needs coreos/scripts#447 and coreos/bootengine#60
@mjg59 I am seeing the same symptoms on v815.0.0, upgraded from v723.3.0. I am unable to create kubernetes pods with volumes. journalctl:
$ ls -al /etc/selinux/
Creating symlinks and rebooting seems to have solved the problem.
I confirm, on fresh 815.0.0 nodes SELinux is throwing the same errors as @tg90nor mentioned.
Have just upgraded CoreOS from 723.3.0 to 815.0.0:
Yeah, either we are missing the proper tmpfiles rules to set up upgraded systems or the existing rules are incorrect.
From the error probably just needs a
er, the tmpfiles config is fine, I just screwed up the kernel options.
I have similar error messages as @kayrus in PXE-booted nodes with CoreOS alpha 833.0.0 and 829.0.0:
Hm, must be ordering the semanage.conf symlink before the selinux dir for some reason
Thanks @marineam, it looks ok now
After upgrading to v779.0.0 I can't mount tmpfs volumes in userspace anymore. dmesg shows errors about a not initialized SELinux server.
This prevents kubelet, for example, from mounting volumes into pods: