Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2000963

Summary: 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy
Product: OpenShift Container Platform
Reporter: Vadim Rutkovsky <vrutkovs>
Component: Storage
Assignee: Vadim Rutkovsky <vrutkovs>
Storage sub component: Kubernetes
QA Contact: Wei Duan <wduan>
Status: CLOSED ERRATA
Severity: high
Priority: high
CC: aos-bugs, jsafrane, wking
Version: 4.10
Target Release: 4.10.0
Hardware: Unspecified
OS: Unspecified
Last Closed: 2022-03-10 16:07:08 UTC

Description Vadim Rutkovsky 2021-09-03 12:07:52 UTC
This bug was initially created as a copy of Bug #1980693

I am copying this bug because OKD machine-os builds can no longer pull updates, as they require an updated glibc, which requires a selinux-policy update.


Description of problem:
After OKD updated Fedora to `selinux-policy-34.9-1.fc34`, two Kubernetes tests started failing:

[sig-storage] In-tree Volumes [Driver: hostPath] [Testpattern:  Inline-volume (default fs)] volumes should store data  [Suite:openshift/conformance/parallel] [Suite:k8s]
[sig-storage] In-tree Volumes [Driver: hostPathSymlink] [Testpattern:  Inline-volume (default fs)] volumes should store data  [Suite:openshift/conformance/parallel] [Suite:k8s]


machine-os can't bump glib or selinux-policy, as the Kubernetes test creates a file using a privileged container but reads it using an unprivileged one. This is no longer valid in the updated selinux-policy package. https://github.com/kubernetes/kubernetes/pull/104551 fixes this behaviour.

Comment 1 Jan Safranek 2021-09-03 13:20:12 UTC
Clearing blocker flag, we don't want to block OCP with it. Keeping urgent to fix OKD.

Comment 2 Jan Safranek 2021-09-03 13:48:24 UTC
For the record, here is an attempted fix: https://github.com/kubernetes/kubernetes/pull/104551

Comment 3 Fabio Bertinatto 2021-09-03 19:47:51 UTC
Upstream issue: https://github.com/kubernetes/kubernetes/issues/84585

Comment 4 Vadim Rutkovsky 2021-10-20 12:53:45 UTC
Upstream fix merged in master (1.23) - https://github.com/kubernetes/kubernetes/pull/104551

Comment 6 Fabio Bertinatto 2021-12-20 13:08:04 UTC
Since the 1.23 rebase has landed (with the fix from comment 4), re-assigning to @Vadim for verification.

Comment 8 Vadim Rutkovsky 2022-01-28 22:15:00 UTC
Resolved and verified in OKD 4.10 nightly

Comment 11 errata-xmlrpc 2022-03-10 16:07:08 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056