cri: selinuxrelabel=false for /dev/shm w/ host ipc#4705
cri: selinuxrelabel=false for /dev/shm w/ host ipc#4705estesp merged 1 commit intocontainerd:masterfrom
Conversation
|
Hi @dweomer. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@crosbymichael I am not sure if this is necessary but it seemed like a reasonable guard to have in place (don't attempt to relabel host /dev/shm). |
|
Build succeeded.
|
This is a followup to containerd#4699 that addresses an oversight that could cause the CRI to relabel the host /dev/shm, which should be a no-op in most cases. Additionally, fixes unit tests to make correct assertions for /dev/shm relabeling. Discovered while applying the changes for containerd#4699 to containerd/cri 1.4: containerd/cri#1605 Signed-off-by: Jacob Blain Christen <[email protected]>
dweomer
force-pushed
the
selinx-relabel-dev-shm-but-not-with-hostipc
branch
from
4d3b20f to
a1e7dd9
Compare
|
Build succeeded.
|
|
I have verified that this fixes an actual problem in our 1.3 and 1.4 forks we maintain for k3s |
|
cherry-pick (containerd/cri#1605) was merged, but needs a re-vendor |
thaJeztah
added
cherry-picked/1.4.x
6 participants
This is a followup to #4699 that addresses an oversight that could cause
the CRI to relabel the host /dev/shm, which should be a no-op in most
cases. Additionally, fixes unit tests to make correct assertions for
/dev/shm relabeling.
Discovered while applying the changes for #4699 to containerd/cri 1.4:
containerd/cri#1605
Signed-off-by: Jacob Blain Christen [email protected]