Add SELinux feature check for iSCSI volume plugin

In theory the check is not necessary, but for sake of robustness and completenes, let's check SELinuxMountReadWriteOncePod feature gate before assuming anything about SELinux labels.
openshift · Aug 4, 2022 · 4df3f58 · 4df3f58
1 parent 49148dd
commit 4df3f58
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/pkg/volume/iscsi/iscsi.go b/pkg/volume/iscsi/iscsi.go
@@ -24,7 +24,9 @@ import (
 	"strconv"
 	"strings"
 
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/klog/v2"
+	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/mount-utils"
 	utilexec "k8s.io/utils/exec"
 	"k8s.io/utils/io"
@@ -366,9 +368,12 @@ func (b *iscsiDiskMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e
 	if err != nil {
 		klog.Errorf("iscsi: failed to setup")
 	}
-	// The volume must have been mounted in MountDevice with -o context.
-	// TODO: extract from mount table in GetAttributes() to be sure?
-	b.mountedWithSELinuxContext = mounterArgs.SELinuxLabel != ""
+
+	if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
+		// The volume must have been mounted in MountDevice with -o context.
+		// TODO: extract from mount table in GetAttributes() to be sure?
+		b.mountedWithSELinuxContext = mounterArgs.SELinuxLabel != ""
+	}
 	return err
 }