We should only be relabeling when on first run #11959
Conversation
openshift-ci
bot
added
the
approved
test/system/410-selinux.bats
Outdated
| run ls -dZ $tmpdir | ||
| is "$output" "system_u:object_r:usr_t:s0 $tmpdir" \ | ||
| "Start did not Relabel" | ||
|
|
There was a problem hiding this comment.
Can you add a test for the chown change too? It would be nice to have a note in the description about that change.
|
Can you explain how this fixes the linked issue. The issue is talking about random failures during relabel. AFAIK you are allowed to relabel more than once. |
|
Good point on the tmpfs, as far as the linked message, it would at least make it less likely. I believe the linked issue is most likely a problem in Ceph file system not in Podman at all. The main advantage of this fix is if a directory had a massive amount of files, the relabel will no longer be done. |
|
Top level directory is now checked to make sure it matches the UID, before chowning and checks the label before relabeling. |
rhatdan
force-pushed
the
selinux
branch
3 times, most recently
from
089edb3 to
5bb19ea
Compare
On the second runs, the labels should be the same so no need to relabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2013548 Signed-off-by: Daniel J Walsh <[email protected]>
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
github-actions
bot
added
the
locked - please file new issue/PR
On the second runs, the labels should be the same so no
need to relabel.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2013548
Signed-off-by: Daniel J Walsh [email protected]
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Special notes for your reviewer: