2000963 – 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy

Bug 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy

Summary: 'Inline-volume (default fs)] volumes should store data' tests are failing on ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Vadim Rutkovsky
QA Contact:	Wei Duan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-09-03 12:07 UTC by Vadim Rutkovsky
Modified:	2022-03-10 16:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-10 16:07:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:0056	0	None	None	None	2022-03-10 16:07:24 UTC

Description Vadim Rutkovsky 2021-09-03 12:07:52 UTC

This bug was initially created as a copy of Bug #1980693

I am copying this bug because OKD machine-os builds can no longer pull updates, as they require updated glibc, which requires selinux-policy update.


Description of problem:
After OKD has updated Fedora to  `selinux-policy-34.9-1.fc34` two Kubernetes tests started failing:

[sig-storage] In-tree Volumes [Driver: hostPath] [Testpattern:  Inline-volume (default fs)] volumes should store data  [Suite:openshift/conformance/parallel] [Suite:k8s]
[sig-storage] In-tree Volumes [Driver: hostPathSymlink] [Testpattern:  Inline-volume (default fs)] volumes should store data  [Suite:openshift/conformance/parallel] [Suite:k8s]


machine-os can't bump glib or selinux-policy, as kubernetes test is creating a file using privileged container but reads it using unprivileged one. This is no longer valid in updated selinux-policy package. https://github.com/kubernetes/kubernetes/pull/104551 fixes this behaviour.

Comment 1 Jan Safranek 2021-09-03 13:20:12 UTC

Clearing blocker flag, we don't want to block OCP with it. Keeping urgent to fix OKD.

Comment 2 Jan Safranek 2021-09-03 13:48:24 UTC

For the record, here is an attempted fix: https://github.com/kubernetes/kubernetes/pull/104551

Comment 3 Fabio Bertinatto 2021-09-03 19:47:51 UTC

Upstream issue: https://github.com/kubernetes/kubernetes/issues/84585

Comment 4 Vadim Rutkovsky 2021-10-20 12:53:45 UTC

Upstream fix merged in master (1.23) - https://github.com/kubernetes/kubernetes/pull/104551

Comment 6 Fabio Bertinatto 2021-12-20 13:08:04 UTC

Since 1.23 rebase has landed (with the fix from comment 4), re-assigning to @Vadim for verification.

Comment 8 Vadim Rutkovsky 2022-01-28 22:15:00 UTC

Resolved and verified in OKD 4.10 nightly

Comment 11 errata-xmlrpc 2022-03-10 16:07:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.