Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI:DOCS] Add SELinux information about boolean for using random devices #15937

Merged
merged 1 commit into from
Sep 27, 2022
Merged

[CI:DOCS] Add SELinux information about boolean for using random devices #15937

merged 1 commit into from
Sep 27, 2022
+8 −0

Conversation

rhatdan
Copy link
Member

@rhatdan rhatdan commented Sep 26, 2022

Fixes: #15930

Signed-off-by: Daniel J Walsh [email protected]

Does this PR introduce a user-facing change?

Update man pages to describe SELinux boolean for use of system devices.

@openshift-ci openshift-ci bot added release-note approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 26, 2022
@rhatdan rhatdan changed the title Add SELinux information about boolean for using random devices [CI:DOCS] Add SELinux information about boolean for using random devices Sep 26, 2022
@rhatdan
Copy link
Member Author

rhatdan commented Sep 26, 2022

@giuseppe PTAL

giuseppe
giuseppe approved these changes Sep 26, 2022
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

edsantiago
edsantiago requested changes Sep 26, 2022
View reviewed changes
docs/source/markdown/options/device.md Outdated
@@ -12,3 +12,11 @@ The <<container|pod>> will only store the major and minor numbers of the host de
Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules for when necessary are:
/dev/fuse.

In rootless mode, the new device is bind mounted in the container from the host
rather then Podman creating it within the container space. Because the bind
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rather than, not then.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I get this wrong 100% of the time, and I can not fix my brain.

docs/source/markdown/options/device.md Outdated

In rootless mode, the new device is bind mounted in the container from the host
rather then Podman creating it within the container space. Because the bind
mount retains it's SELinux label on SELinux systems, the container can get
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No apostrophe in its.

edsantiago
edsantiago reviewed Sep 26, 2022
View reviewed changes
docs/source/markdown/options/device.md
@@ -12,3 +12,11 @@ The <<container|pod>> will only store the major and minor numbers of the host de
Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules for when necessary are:
/dev/fuse.

In rootless mode, the new device is bind mounted in the container from the host
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more: this option is also used in podman-build.1. Does this text apply to podman-build? (My impression is yes, it does, but please confirm).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it does.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 26, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: edsantiago, giuseppe, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [edsantiago,giuseppe,rhatdan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan rhatdan added the lgtm Indicates that a PR is ready to be merged. label Sep 27, 2022
@openshift-merge-robot openshift-merge-robot merged commit b794b61 into containers:main Sep 27, 2022
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 20, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 20, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@giuseppe giuseppe giuseppe approved these changes

@edsantiago edsantiago edsantiago approved these changes

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SELinux prevents rootless container from using passed device
4 participants
@rhatdan @giuseppe @edsantiago @openshift-merge-robot