fix(CSI-213): fix selinux context based on protocol

weka · Aug 4, 2024 · 954669b · 954669b
1 parent 0ce9f62
commit 954669b
Showing 1 changed file with 17 additions and 4 deletions.
diff --git a/pkg/wekafs/mountoptions.go b/pkg/wekafs/mountoptions.go
@@ -8,12 +8,15 @@ import (
 )
 
 const (
-	selinuxContext         = "wekafs_csi_volume"
+	selinuxContextWekaFs   = "wekafs_csi_volume_t"
+	selinuxContextNfs      = "nfs_t"
 	MountOptionSyncOnClose = "sync_on_close"
 	MountOptionReadOnly    = "ro"
 	MountOptionWriteCache  = "writecache"
 	MountOptionCoherent    = "coherent"
 	MountOptionReadCache   = "readcache"
+	MountProtocolWekafs    = "wekafs"
+	MountProtocolNfs       = "nfs"
 )
 
 type mountOption struct {
@@ -145,12 +148,22 @@ func (opts MountOptions) Hash() uint32 {
 	return h.Sum32()
 }
 
-func (opts MountOptions) setSelinux(selinuxSupport bool) {
+func (opts MountOptions) setSelinux(selinuxSupport bool, mountProtocol string) {
 	if selinuxSupport {
-		o := newMountOptionFromString(fmt.Sprintf("fscontext=\"system_u:object_r:%s_t:s0\"", selinuxContext))
+		var o mountOption
+		if mountProtocol == MountProtocolWekafs {
+			o = newMountOptionFromString(fmt.Sprintf("fscontext=\"system_u:object_r:%s:s0\"", selinuxContextWekaFs))
+		} else if mountProtocol == MountProtocolNfs {
+			o = newMountOptionFromString(fmt.Sprintf("context=\"system_u:object_r:%s:s0\"", selinuxContextNfs))
+		}
 		opts.customOptions[o.option] = o
 	} else {
-		delete(opts.customOptions, "fscontext")
+		if mountProtocol == MountProtocolWekafs {
+			delete(opts.customOptions, "fscontext")
+		}
+		if mountProtocol == MountProtocolNfs {
+			delete(opts.customOptions, "context")
+		}
 	}
 }