kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Mention MountOption as the default

pull/48515/head
Jan Safranek 2024-11-19 10:03:28 +01:00
parent bf32989b93
commit 8e17234d93
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/en/docs/tasks/configure-pod-container/security-context.md
View File

@ -715,7 +715,7 @@ For Pods that want to opt-out from relabeling using mount options, they can set
when multiple pods share a single volume on the same node, but they run with when multiple pods share a single volume on the same node, but they run with
different SELinux labels that allows simultaneous access to the volume. For example, a privileged pod different SELinux labels that allows simultaneous access to the volume. For example, a privileged pod
running with label `spc_t` and an unprivileged pod running with the default label `container_file_t`. running with label `spc_t` and an unprivileged pod running with the default label `container_file_t`.
With unset `spec.securityContext.seLinuxChangePolicy` (or with the value `MountOption`), With unset `spec.securityContext.seLinuxChangePolicy` (or with the default value `MountOption`),
only one of such pods is able to run on a node, the other one gets ContainerCreating with error only one of such pods is able to run on a node, the other one gets ContainerCreating with error
`conflicting SELinux labels of volume <name of the volume>: <label of the running pod> and <label of the pod that can't start>`. `conflicting SELinux labels of volume <name of the volume>: <label of the running pod> and <label of the pod that can't start>`.