Commit 4c4401c1 authored by Jan Safranek's avatar Jan Safranek

Run injector as privileged pod

Privileged pod can write bypass any SELinux checks. NFS, CephFS and Gluster test now work without setting special SELinux boolean for them.
parent 27e5971c
...@@ -486,6 +486,7 @@ func InjectHtml(client clientset.Interface, config VolumeTestConfig, volume v1.V ...@@ -486,6 +486,7 @@ func InjectHtml(client clientset.Interface, config VolumeTestConfig, volume v1.V
podClient := client.CoreV1().Pods(config.Namespace) podClient := client.CoreV1().Pods(config.Namespace)
podName := fmt.Sprintf("%s-injector-%s", config.Prefix, rand.String(4)) podName := fmt.Sprintf("%s-injector-%s", config.Prefix, rand.String(4))
volMountName := fmt.Sprintf("%s-volume-%s", config.Prefix, rand.String(4)) volMountName := fmt.Sprintf("%s-volume-%s", config.Prefix, rand.String(4))
privileged := true
injectPod := &v1.Pod{ injectPod := &v1.Pod{
TypeMeta: metav1.TypeMeta{ TypeMeta: metav1.TypeMeta{
...@@ -511,11 +512,9 @@ func InjectHtml(client clientset.Interface, config VolumeTestConfig, volume v1.V ...@@ -511,11 +512,9 @@ func InjectHtml(client clientset.Interface, config VolumeTestConfig, volume v1.V
MountPath: "/mnt", MountPath: "/mnt",
}, },
}, },
}, SecurityContext: &v1.SecurityContext{
}, Privileged: &privileged,
SecurityContext: &v1.PodSecurityContext{ },
SELinuxOptions: &v1.SELinuxOptions{
Level: "s0:c0,c1",
}, },
}, },
RestartPolicy: v1.RestartPolicyNever, RestartPolicy: v1.RestartPolicyNever,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment