2105071 – container-selinux: Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems

Bug 2105071 - container-selinux: Mostly-confined containers which create their own user and mount namespaces can't mount overlay filesystems

Summary: container-selinux: Mostly-confined containers which create their own user and...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Containers
Sub Component:
Version:	4.10
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.12.0
Assignee:	Tom Sweeney
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-07-07 20:14 UTC by Derrick Ornelas
Modified:	2023-01-17 19:52 UTC (History)
CC List:	6 users (show)
Fixed In Version:	container-selinux-2.188.0-1.rhaos4.12.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2102361
Environment:
Last Closed:	2023-01-17 19:51:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:7399	0	None	None	None	2023-01-17 19:52:07 UTC

Comment 1 Derrick Ornelas 2022-07-07 20:21:46 UTC

According to https://bugzilla.redhat.com/show_bug.cgi?id=2102361#c5 this should already be ready for 4.12

Comment 3 pmali 2022-08-16 07:09:06 UTC

Marking as Verified with below steps:

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.12.0-0.nightly-2022-08-15-150248   True        False         12m     Cluster version is 4.12.0-0.nightly-2022-08-15-150248

$ oc apply -f yamlFiles/pod-bug-2105071.yaml 
pod/overlay-mount-test created


$ oc get  pod/overlay-mount-test
NAME                 READY   STATUS    RESTARTS   AGE
overlay-mount-test   1/1     Running   0          41s

$ oc logs pod/overlay-mount-test
success

sh-4.4# rpm -qi container-selinux
Name        : container-selinux
Epoch       : 2
Version     : 2.188.0
Release     : 1.rhaos4.12.el8
Architecture: noarch
Install Date: Thu Aug 11 17:42:42 2022
Group       : Unspecified
Size        : 58161
License     : GPLv2
Signature   : (none)
Source RPM  : container-selinux-2.188.0-1.rhaos4.12.el8.src.rpm
Build Date  : Thu Jun 30 17:37:22 2022
Build Host  : x86-037.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : https://github.com/containers/container-selinux
Summary     : SELinux policies for container runtimes
Description :
SELinux policy modules for use with container runtimes.

Comment 7 errata-xmlrpc 2023-01-17 19:51:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399

Note You need to log in before you can comment on or make changes to this bug.