mirror of https://github.com/k3s-io/k3s
Remove use of RootContext in empty_dir.go
parent
21116a7dbe
commit
69d7297a37
|
@ -25,7 +25,6 @@ import (
|
|||
"k8s.io/kubernetes/pkg/api"
|
||||
"k8s.io/kubernetes/pkg/types"
|
||||
"k8s.io/kubernetes/pkg/util/mount"
|
||||
"k8s.io/kubernetes/pkg/util/selinux"
|
||||
"k8s.io/kubernetes/pkg/util/strings"
|
||||
"k8s.io/kubernetes/pkg/volume"
|
||||
volumeutil "k8s.io/kubernetes/pkg/volume/util"
|
||||
|
@ -106,7 +105,6 @@ func (plugin *emptyDirPlugin) newMounterInternal(spec *volume.Spec, pod *api.Pod
|
|||
mounter: mounter,
|
||||
mountDetector: mountDetector,
|
||||
plugin: plugin,
|
||||
rootContext: plugin.host.GetRootContext(),
|
||||
MetricsProvider: volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host)),
|
||||
}, nil
|
||||
}
|
||||
|
@ -165,7 +163,6 @@ type emptyDir struct {
|
|||
mounter mount.Interface
|
||||
mountDetector mountDetector
|
||||
plugin *emptyDirPlugin
|
||||
rootContext string
|
||||
volume.MetricsProvider
|
||||
}
|
||||
|
||||
|
@ -203,17 +200,11 @@ func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error {
|
|||
}
|
||||
}
|
||||
|
||||
// Determine the effective SELinuxOptions to use for this volume.
|
||||
securityContext := ""
|
||||
if selinux.SELinuxEnabled() {
|
||||
securityContext = ed.rootContext
|
||||
}
|
||||
|
||||
switch ed.medium {
|
||||
case api.StorageMediumDefault:
|
||||
err = ed.setupDir(dir)
|
||||
case api.StorageMediumMemory:
|
||||
err = ed.setupTmpfs(dir, securityContext)
|
||||
err = ed.setupTmpfs(dir)
|
||||
default:
|
||||
err = fmt.Errorf("unknown storage medium %q", ed.medium)
|
||||
}
|
||||
|
@ -229,7 +220,7 @@ func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error {
|
|||
|
||||
// setupTmpfs creates a tmpfs mount at the specified directory with the
|
||||
// specified SELinux context.
|
||||
func (ed *emptyDir) setupTmpfs(dir string, selinux string) error {
|
||||
func (ed *emptyDir) setupTmpfs(dir string) error {
|
||||
if ed.mounter == nil {
|
||||
return fmt.Errorf("memory storage requested, but mounter is nil")
|
||||
}
|
||||
|
@ -247,17 +238,8 @@ func (ed *emptyDir) setupTmpfs(dir string, selinux string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// By default a tmpfs mount will receive a different SELinux context
|
||||
// which is not readable from the SELinux context of a docker container.
|
||||
var opts []string
|
||||
if selinux != "" {
|
||||
opts = []string{fmt.Sprintf("rootcontext=\"%v\"", selinux)}
|
||||
} else {
|
||||
opts = []string{}
|
||||
}
|
||||
|
||||
glog.V(3).Infof("pod %v: mounting tmpfs for volume %v with opts %v", ed.pod.UID, ed.volName, opts)
|
||||
return ed.mounter.Mount("tmpfs", dir, "tmpfs", opts)
|
||||
glog.V(3).Infof("pod %v: mounting tmpfs for volume %v", ed.pod.UID, ed.volName)
|
||||
return ed.mounter.Mount("tmpfs", dir, "tmpfs", nil /* options */)
|
||||
}
|
||||
|
||||
// setupDir creates the directory with the specified SELinux context and
|
||||
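Review bot: With the `rootcontext=` option gone, `setupTmpfs` mounts the tmpfs with `nil` options, and nothing in this file section shows what now gives a memory-backed emptyDir an SELinux label the container can read. The deleted comment states that a tmpfs mount receives a different context by default, one that is not readable from the container's context, so on an enforcing host this path depends on relabeling that presumably happens elsewhere and should be confirmed. The doc comment kept above the function still says "with the specified SELinux context", which no longer matches the signature `setupTmpfs(dir string)`. I would change it to `// setupTmpfs creates a tmpfs mount at the specified directory.` and add above the `Mount` call `// No SELinux mount option is set here; the label is applied by <component that relabels volumes>.` with the placeholder filled in. The bodies of `SetUpAt` and `setupTmpfs` extend beyond the hunks shown.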
|
|
|
@ -33,9 +33,9 @@ import (
|
|||
)
|
||||
|
||||
// Construct an instance of a plugin, by name.
|
||||
func makePluginUnderTest(t *testing.T, plugName, basePath, rootContext string) volume.VolumePlugin {
|
||||
func makePluginUnderTest(t *testing.T, plugName, basePath string) volume.VolumePlugin {
|
||||
plugMgr := volume.VolumePluginMgr{}
|
||||
plugMgr.InitPlugins(ProbeVolumePlugins(), volumetest.NewFakeVolumeHost(basePath, nil, nil, rootContext))
|
||||
plugMgr.InitPlugins(ProbeVolumePlugins(), volumetest.NewFakeVolumeHost(basePath, nil, nil, "" /* rootContext */))
|
||||
|
||||
plug, err := plugMgr.FindPluginByName(plugName)
|
||||
if err != nil {
|
||||
|
@ -50,7 +50,7 @@ func TestCanSupport(t *testing.T) {
|
|||
t.Fatalf("can't make a temp dir: %v", err)
|
||||
}
|
||||
defer os.RemoveAll(tmpDir)
|
||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir, "" /* rootContext */)
|
||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir)
|
||||
|
||||
if plug.GetPluginName() != "kubernetes.io/empty-dir" {
|
||||
t.Errorf("Wrong name: %s", plug.GetPluginName())
|
||||
|
@ -75,44 +75,13 @@ func (fake *fakeMountDetector) GetMountMedium(path string) (storageMedium, bool,
|
|||
func TestPluginEmptyRootContext(t *testing.T) {
|
||||
doTestPlugin(t, pluginTestConfig{
|
||||
medium: api.StorageMediumDefault,
|
||||
rootContext: "",
|
||||
expectedSetupMounts: 0,
|
||||
expectedTeardownMounts: 0})
|
||||
}
|
||||
|
||||
func TestPluginRootContextSet(t *testing.T) {
|
||||
if !selinuxEnabled() {
|
||||
return
|
||||
}
|
||||
|
||||
doTestPlugin(t, pluginTestConfig{
|
||||
medium: api.StorageMediumDefault,
|
||||
rootContext: "user:role:type:range",
|
||||
expectedSELinux: "user:role:type:range",
|
||||
expectedSetupMounts: 0,
|
||||
expectedTeardownMounts: 0})
|
||||
}
|
||||
|
||||
func TestPluginTmpfs(t *testing.T) {
|
||||
if !selinuxEnabled() {
|
||||
return
|
||||
}
|
||||
|
||||
doTestPlugin(t, pluginTestConfig{
|
||||
medium: api.StorageMediumMemory,
|
||||
rootContext: "user:role:type:range",
|
||||
expectedSELinux: "user:role:type:range",
|
||||
expectedSetupMounts: 1,
|
||||
shouldBeMountedBeforeTeardown: true,
|
||||
expectedTeardownMounts: 1})
|
||||
}
|
||||
|
||||
type pluginTestConfig struct {
|
||||
medium api.StorageMedium
|
||||
rootContext string
|
||||
SELinuxOptions *api.SELinuxOptions
|
||||
idempotent bool
|
||||
expectedSELinux string
|
||||
expectedSetupMounts int
|
||||
shouldBeMountedBeforeTeardown bool
|
||||
expectedTeardownMounts int
|
||||
|
@ -130,7 +99,7 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
|||
volumePath = path.Join(basePath, "pods/poduid/volumes/kubernetes.io~empty-dir/test-volume")
|
||||
metadataDir = path.Join(basePath, "pods/poduid/plugins/kubernetes.io~empty-dir/test-volume")
|
||||
|
||||
plug = makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath, config.rootContext)
|
||||
plug = makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath)
|
||||
volumeName = "test-volume"
|
||||
spec = &api.Volume{
|
||||
Name: volumeName,
|
||||
|
@ -142,24 +111,6 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
|||
pod = &api.Pod{ObjectMeta: api.ObjectMeta{UID: types.UID("poduid")}}
|
||||
)
|
||||
|
||||
// Set up the SELinux options on the pod
|
||||
if config.SELinuxOptions != nil {
|
||||
pod.Spec = api.PodSpec{
|
||||
Containers: []api.Container{
|
||||
{
|
||||
SecurityContext: &api.SecurityContext{
|
||||
SELinuxOptions: config.SELinuxOptions,
|
||||
},
|
||||
VolumeMounts: []api.VolumeMount{
|
||||
{
|
||||
Name: volumeName,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
if config.idempotent {
|
||||
physicalMounter.MountPoints = []mount.MountPoint{
|
||||
{
|
||||
|
@ -258,7 +209,7 @@ func TestPluginBackCompat(t *testing.T) {
|
|||
}
|
||||
defer os.RemoveAll(basePath)
|
||||
|
||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath, "" /* rootContext */)
|
||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", basePath)
|
||||
|
||||
spec := &api.Volume{
|
||||
Name: "vol1",
|
||||
|
@ -287,7 +238,7 @@ func TestMetrics(t *testing.T) {
|
|||
}
|
||||
defer os.RemoveAll(tmpDir)
|
||||
|
||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir, "" /* rootContext */)
|
||||
plug := makePluginUnderTest(t, "kubernetes.io/empty-dir", tmpDir)
|
||||
|
||||
spec := &api.Volume{
|
||||
Name: "vol1",
|
||||
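Review bot: Going by the hunk header `-75,44 +75,13`, which prints all 44 old lines and no new ones, `TestPluginTmpfs` appears to be deleted together with `TestPluginRootContextSet`. That would leave the `api.StorageMediumMemory` case, the only one expecting a real mount (`expectedSetupMounts: 1`), without a test in this file section. Once `rootContext` and `expectedSELinux` are dropped the test does not look SELinux-specific, so it could stay without the `selinuxEnabled()` guard, assuming `doTestPlugin` no longer inspects labels. Keeping it matters more now that `setupTmpfs` passes `nil` mount options, because a regression in the memory path would otherwise go unnoticed.

```go
// … unchanged: TestPluginEmptyRootContext …

func TestPluginTmpfs(t *testing.T) {
	doTestPlugin(t, pluginTestConfig{
		medium:                        api.StorageMediumMemory,
		expectedSetupMounts:           1,
		shouldBeMountedBeforeTeardown: true,
		expectedTeardownMounts:        1})
}

// … unchanged: pluginTestConfig without rootContext / SELinuxOptions / expectedSELinux …
```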
|
|