Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding SELinux Documentation #900

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Adding SELinux Documentation #900

wants to merge 1 commit into from

Conversation

cniackz
Copy link
Contributor

@cniackz cniackz commented Apr 13, 2024
edited
Loading

Objective:

When resuming or suspending a drive in an OpenShift cluster, we may encounter a relabel issue. Various solutions exist for this problem, but here I am documenting the one we believe to be the best approach.

@cniackz cniackz self-assigned this Apr 13, 2024
@cniackz cniackz added the documentation Improvements or additions to documentation label Apr 13, 2024
@cniackz cniackz requested a review from ravindk89 April 13, 2024 18:58
@cniackz
Copy link
Contributor Author

cniackz commented Apr 13, 2024
edited
Loading

NET:[VulnCheck / Analysis (pull_request) ] fix is on #901

balamurugana
balamurugana reviewed Apr 14, 2024
View reviewed changes
docs/volume-management.md Outdated Show resolved Hide resolved
docs/volume-management.md Outdated Show resolved Hide resolved
@Praveenrajmani
Copy link
Collaborator

PTAL @cniackz

@cniackz cniackz force-pushed the selinux-documentation-apr13 branch from 95448ad to 62e070b Compare July 26, 2024 14:09
@cniackz cniackz force-pushed the selinux-documentation-apr13 branch from 62e070b to c48433d Compare July 26, 2024 14:13
ravindk89
ravindk89 approved these changes Jul 26, 2024
View reviewed changes
Copy link
Contributor

@ravindk89 ravindk89 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Open Question - should we make this a pre-requisite for OpenShift clusters running SELinux?

balamurugana
balamurugana reviewed Jul 27, 2024
View reviewed changes
docs/openshift.md
If you encounter the `relabel failed` error after executing the `suspend` or `resume` commands, you should set `spc_t` at the Tenant level Specification, as demonstrated below:

```yaml
kind: Tenant
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. This is more specific to MinIO Operator, but DirectPV is meant for any container require local storage access. We would need to add documentation to generic use case as primary and extend it to MinIO server and MinIO Operator.
  2. Does pod level setting Pod.Spec.SecurityContext.SELinuxOptions.Type = spc_t work?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^^ @cniackz

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cniackz ^^ PTAL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@balamurugana balamurugana balamurugana left review comments

@ravindk89 ravindk89 ravindk89 approved these changes

@Praveenrajmani Praveenrajmani Awaiting requested review from Praveenrajmani

@harshavardhana harshavardhana Awaiting requested review from harshavardhana

At least 2 approving reviews are required to merge this pull request.

Assignees

@cniackz cniackz

Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cniackz @Praveenrajmani @harshavardhana @balamurugana @ravindk89