Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

generate kube does not include security-opt #4950

Closed
FlorianLudwig opened this issue Jan 23, 2020 · 3 comments · Fixed by #5307
Closed

generate kube does not include security-opt #4950

FlorianLudwig opened this issue Jan 23, 2020 · 3 comments · Fixed by #5307
Assignees
@QiWang19
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@FlorianLudwig
Copy link

/kind bug

Description

The security-opt is not included when generated kubernetes pod descriptions.

Steps to reproduce the issue:

podman run --name test -v `pwd`:/host --security-opt "label=disable" docker.io/library/bash:latest ls /host
podman generate kube > test.yaml

Describe the results you received:
The security-opt has no influence on the generated yaml

Describe the results you expected:
the test.yaml should contain securityContext: seLinuxOptions

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.7.0
RemoteAPI Version:  1
Go Version:         go1.13.5
OS/Arch:            linux/amd64

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.7.0-2.fc31.x86_64
@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jan 23, 2020
@rhatdan
Copy link
Member

rhatdan commented Jan 26, 2020

label=disable in SELinux terms would translate to

security-object:
    type: spc_t

I guess.

@FlorianLudwig interested in opening a PR?

@mheon @haircommander Do we have enough info in the container to know SELinux was disabled.

@mheon
Copy link
Member

mheon commented Jan 26, 2020

The io.podman.annotations.label annotation in newer Podman-created containers should do the jobr

@rhatdan
Copy link
Member

rhatdan commented Feb 17, 2020

@QiWang19 PTAL

@QiWang19 QiWang19 mentioned this issue Feb 24, 2020
Merged
QiWang19 added a commit to QiWang19/podman that referenced this issue Mar 3, 2020
@QiWang19
fix security-opt generate kube
17bab33 
fix containers#4950
add selinux options from --security-opt of the container to generate kube result

Signed-off-by: Qi Wang <[email protected]>
snj33v pushed a commit to snj33v/libpod that referenced this issue May 31, 2020
@QiWang19 @snj33v
fix security-opt generate kube
f66c3c7 
fix containers#4950
add selinux options from --security-opt of the container to generate kube result

Signed-off-by: Qi Wang <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@QiWang19 QiWang19

Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix security-opt generate kube QiWang19/podman
5 participants
@FlorianLudwig @rhatdan @mheon @QiWang19 @openshift-ci-robot