fix when running rancher with selinux enforcing #758

dweomer · 2021-03-09T22:05:36Z

Originally reported at #690 against a v1.19.7 beta
pre-release, there is an issue with containerd versions 1.4+ that
prevented the correct selinux labels from being applied for image
volumes (volumes declared in the docker image that containerd/cri will
set up for you by default ... but they aren't visible to k8s).

Patches to fix this have been submitted upstream, see:

Addresses #757

Signed-off-by: Jacob Blain Christen jacob@rancher.com

Originally reported at rancher#690 against a v1.19.7 beta pre-release, there is an issue with containerd versions 1.4+ that prevented the correct selinux labels from being applied for image volumes (volumes declared in the docker image that containerd/cri will set up for you by default ... but they aren't visible to k8s). Patches to fix this have been submitted upstream, see: - containerd/containerd#5090 - containerd/containerd#5104 - containerd/continuity#178 Signed-off-by: Jacob Blain Christen <jacob@rancher.com>

dweomer requested a review from a team as a code owner March 9, 2021 22:05

brandond approved these changes Mar 9, 2021

View reviewed changes

Oats87 approved these changes Mar 12, 2021

View reviewed changes

dweomer merged commit 728a5f0 into rancher:master Mar 13, 2021

dweomer deleted the fix/757/rancher-with-selinux branch March 13, 2021 00:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix when running rancher with selinux enforcing #758

fix when running rancher with selinux enforcing #758

dweomer commented Mar 9, 2021 •

edited

fix when running rancher with selinux enforcing #758

fix when running rancher with selinux enforcing #758

Conversation

dweomer commented Mar 9, 2021 • edited

dweomer commented Mar 9, 2021 •

edited