Bug 1751124 - Fix "volumes should store data" tests for hostPath volumes
Summary: Fix "volumes should store data" tests for hostPath volumes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.3.0
Assignee: Fabio Bertinatto
QA Contact: Chao Yang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-09-11 08:53 UTC by Jan Safranek
Modified: 2020-01-23 11:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-01-23 11:05:47 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift origin pull 23954 0 'None' 'closed' 'Bug 1751124: UPSTREAM: 83727: Optionally run e2e pod as privileged for SELinux' 2019-11-20 06:12:25 UTC
Red Hat Product Errata RHBA-2020:0062 0 None None None 2020-01-23 11:06:11 UTC

Description Jan Safranek 2019-09-11 08:53:35 UTC
These two tests failed after rebase to Kubernetes 1.16 because of SELinux:

[sig-storage] In-tree Volumes [Driver: hostPathSymlink] [Testpattern: Inline-volume (default fs)] volumes should store data [Suite:openshift/conformance/parallel] [Suite:k8s] expand_less	

[sig-storage] In-tree Volumes [Driver: hostPath] [Testpattern: Inline-volume (default fs)] volumes should store data [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more	

fail [k8s.io/kubernetes/test/e2e/framework/volume/fixtures.go:587]: failed: writing the contents: 
Unexpected error:
    <exec.CodeExitError>: {
        Err: {
            s: "error running &{/usr/bin/kubectl [kubectl --server=https://api.ci-op-4vl6fx01-55c01.origin-ci-int-aws.dev.rhcloud.com:6443 --kubeconfig=/tmp/admin.kubeconfig exec hostpathsymlink-injector --namespace=e2e-volume-6879 -- /bin/sh -c echo 'Hello from hostPathSymlink from namespace e2e-volume-6879' > /opt/0/index.html] []  <nil>  /bin/sh: can't create /opt/0/index.html: Permission denied\ncommand terminated with exit code 1\n [] <nil> 0xc005027110 exit status 1 <nil> <nil> true [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6b8 0xc00452f6d0] [0x998ca0 0x998ca0] 0xc002b55800 <nil>}:\nCommand stdout:\n\nstderr:\n/bin/sh: can't create /opt/0/index.html: Permission denied\ncommand terminated with exit code 1\n\nerror:\nexit status 1",
        },
        Code: 1,
    }
    error running &{/usr/bin/kubectl [kubectl --server=https://api.ci-op-4vl6fx01-55c01.origin-ci-int-aws.dev.rhcloud.com:6443 --kubeconfig=/tmp/admin.kubeconfig exec hostpathsymlink-injector --namespace=e2e-volume-6879 -- /bin/sh -c echo 'Hello from hostPathSymlink from namespace e2e-volume-6879' > /opt/0/index.html] []  <nil>  /bin/sh: can't create /opt/0/index.html: Permission denied
    command terminated with exit code 1
     [] <nil> 0xc005027110 exit status 1 <nil> <nil> true [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6b8 0xc00452f6d0] [0x998ca0 0x998ca0] 0xc002b55800 <nil>}:
    Command stdout:
    
    stderr:
    /bin/sh: can't create /opt/0/index.html: Permission denied
    command terminated with exit code 1
    
https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/pr-logs/pull/23750/pull-ci-openshift-origin-master-e2e-aws/12677

Version-Release number of selected component (if applicable):
4.3

The tests were fixed by a temporary patch and they should be fixed properly upstream to simplify the next rebase.


Note that the test was called "should be mountable" in 1.14 / 4.2 and it worked there - the pod that created index.html ran as privileged, while it's unprivileged in 1.16. Unprivileged pod cannot write to /tmp with label system_u:object_r:tmp_t:s0, while privileged can.

We can either push the temporary patch upstream or find a better directory where unprivileged pod can write or prepare such directory in the test.

Comment 5 errata-xmlrpc 2020-01-23 11:05:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062


Note You need to log in before you can comment on or make changes to this bug.