From 2acf2f65729c16ad344f7686f00b2db6a3b7205c Mon Sep 17 00:00:00 2001
From: Connor Catlett
Date: Wed, 4 Dec 2024 14:53:29 +0000
Subject: [PATCH] [WIP] Selinux Mounts
Signed-off-by: Connor Catlett
---
 charts/aws-ebs-csi-driver/templates/_node.tpl | 14 ++++++++++++++
 deploy/kubernetes/base/node.yaml | 14 ++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/charts/aws-ebs-csi-driver/templates/_node.tpl b/charts/aws-ebs-csi-driver/templates/_node.tpl
index ec2e47878c..39627c679b 100644
--- a/charts/aws-ebs-csi-driver/templates/_node.tpl
+++ b/charts/aws-ebs-csi-driver/templates/_node.tpl
@@ -127,6 +127,10 @@ spec:
 mountPath: /csi
 - name: device-dir
 mountPath: /dev
+ - name: selinux-sysfs
+ mountPath: /sys/fs/selinux
+ - name: selinux-config
+ mountPath: /etc/selinux/config
 {{- with .Values.node.volumeMounts }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -244,6 +248,16 @@ spec:
 hostPath:
 path: /dev
 type: Directory
+ - name: selinux-sysfs
+ hostPath:
+ path: /sys/fs/selinux
+ type: Directory
+ readOnly: true
+ - name: selinux-config
+ hostPath:
+ path: /etc/selinux/config
+ type: File
+ readOnly: true
 - name: probe-dir
 {{- if .Values.node.probeDirVolume }}
 {{- toYaml .Values.node.probeDirVolume | nindent 10 }}
diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml
index 0515255199..fd16993ab6 100644
--- a/deploy/kubernetes/base/node.yaml
+++ b/deploy/kubernetes/base/node.yaml
@@ -79,6 +79,10 @@ spec:
 mountPath: /csi
 - name: device-dir
 mountPath: /dev
+ - name: selinux-sysfs
+ mountPath: /sys/fs/selinux
+ - name: selinux-config
+ mountPath: /etc/selinux/config
 ports:
 - name: healthz
 containerPort: 9808
@@ -175,5 +179,15 @@ spec:
 hostPath:
 path: /dev
 type: Directory
+ - name: selinux-sysfs
+ hostPath:
+ path: /sys/fs/selinux
+ type: Directory
+ readOnly: true
+ - name: selinux-config
+ hostPath:
+ path: /etc/selinux/config
+ type: File
+ readOnly: true
 - name: probe-dir
 emptyDir: {}
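Review bot: The `selinux-sysfs` and `selinux-config` entries added under `volumeMounts` (the -127 hunk of _node.tpl and the -79 hunk of node.yaml) do not set `readOnly`, and the `readOnly: true` added on the volume definitions in the -244 and -175 hunks is not a field of a hostPath volume. Depending on validation that stray key is either rejected or dropped, and if dropped the container gets writable host mounts of `/sys/fs/selinux` and `/etc/selinux/config`. Move the flag to the mounts, i.e. `mountPath: /sys/fs/selinux` followed by `readOnly: true`, and the same for `/etc/selinux/config`. Indentation is lost on this page, so the exact nesting of the key is inferred, but neither the volume entry nor its `hostPath` source accepts it.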
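Review bot: `type: Directory` and `type: File` on the new hostPath volumes (the -244 hunk of _node.tpl and the -175 hunk of node.yaml) make the kubelet require that `/sys/fs/selinux` and `/etc/selinux/config` already exist, so on a node without SELinux the node pod would fail to start. Nothing visible in the patch makes these volumes optional. In the chart, wrap both the volumes and their mounts in a values toggle that defaults to off, e.g. `{{- if .Values.node.<SELINUX_TOGGLE> }}` (placeholder name) closed by `{{- end }}`. For the kustomize base, keep them out of `base/node.yaml` and add them from an overlay instead.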