Bug 2192323 - Set container storage label on local-path-provisioner
Summary: Set container storage label on local-path-provisioner
Keywords:
Status: ON_QA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: container-selinux
Version: 9.1
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: Edward Shen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-05-01 11:27 UTC by Carroline
Modified: 2023-07-04 02:06 UTC (History)
9 users (show)

Fixed In Version: container-selinux-2.218.0-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-01 13:59:11 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-156150 0 None None None 2023-05-01 11:31:09 UTC

Description Carroline 2023-05-01 11:27:25 UTC 
Description of problem:


Version-Release number of selected component (if applicable):

RHEL 9.1

How reproducible:
/{opt,var}/local-path-provisioner are the default paths used for container local storage and should have the correct SELinux label automatically.


Actual results:
- container-selinux does not automatically set the context for local-path-provisioner

Expected results:
- container-selinux should automatically set the context for local-path-provisioner

Additional info:
Comment 2 Daniel Walsh 2023-05-01 13:59:11 UTC 
Those are not standard OS paths, so they should be labeled locally by the tool defining them.

You can use semanage and restorecon to set the proper labels.

The upstream container-selinux will not handle these labels.

semanage fcontext -a ...
Comment 6 Daniel Walsh 2023-06-29 20:52:34 UTC 
Fixed in container-selinux-2.218.0-1
Note You need to log in before you can comment on or make changes to this bug.