These two tests failed after rebase to Kubernetes 1.16 because of SELinux: [sig-storage] In-tree Volumes [Driver: hostPathSymlink] [Testpattern: Inline-volume (default fs)] volumes should store data [Suite:openshift/conformance/parallel] [Suite:k8s] expand_less [sig-storage] In-tree Volumes [Driver: hostPath] [Testpattern: Inline-volume (default fs)] volumes should store data [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more fail [k8s.io/kubernetes/test/e2e/framework/volume/fixtures.go:587]: failed: writing the contents: Unexpected error: <exec.CodeExitError>: { Err: { s: "error running &{/usr/bin/kubectl [kubectl --server=https://api.ci-op-4vl6fx01-55c01.origin-ci-int-aws.dev.rhcloud.com:6443 --kubeconfig=/tmp/admin.kubeconfig exec hostpathsymlink-injector --namespace=e2e-volume-6879 -- /bin/sh -c echo 'Hello from hostPathSymlink from namespace e2e-volume-6879' > /opt/0/index.html] [] <nil> /bin/sh: can't create /opt/0/index.html: Permission denied\ncommand terminated with exit code 1\n [] <nil> 0xc005027110 exit status 1 <nil> <nil> true [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6b8 0xc00452f6d0] [0x998ca0 0x998ca0] 0xc002b55800 <nil>}:\nCommand stdout:\n\nstderr:\n/bin/sh: can't create /opt/0/index.html: Permission denied\ncommand terminated with exit code 1\n\nerror:\nexit status 1", }, Code: 1, } error running &{/usr/bin/kubectl [kubectl --server=https://api.ci-op-4vl6fx01-55c01.origin-ci-int-aws.dev.rhcloud.com:6443 --kubeconfig=/tmp/admin.kubeconfig exec hostpathsymlink-injector --namespace=e2e-volume-6879 -- /bin/sh -c echo 'Hello from hostPathSymlink from namespace e2e-volume-6879' > /opt/0/index.html] [] <nil> /bin/sh: can't create /opt/0/index.html: Permission denied command terminated with exit code 1 [] <nil> 0xc005027110 exit status 1 <nil> <nil> true [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6b8 0xc00452f6d0] [0x998ca0 0x998ca0] 0xc002b55800 <nil>}: Command stdout: stderr: /bin/sh: can't create /opt/0/index.html: Permission denied command terminated with exit code 1 https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/pr-logs/pull/23750/pull-ci-openshift-origin-master-e2e-aws/12677 Version-Release number of selected component (if applicable): 4.3 The tests were fixed by a temporary patch and they should be fixed properly upstream to simplify the next rebase. Note that the test was called "should be mountable" in 1.14 / 4.2 and it worked there - the pod that created index.html ran as privileged, while it's unprivileged in 1.16. Unprivileged pod cannot write to /tmp with label system_u:object_r:tmp_t:s0, while privileged can. We can either push the temporary patch upstream or find a better directory where unprivileged pod can write or prepare such directory in the test.
The ci test cases are passed here https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-gci-gce/1197020162776109056
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062