Considerations for mounting read-write many (RWX) volumes
Red Hat® OpenShift® relabels the volumes while mounting them inside a pod. In case of volumes with RWX access mode, when multiple pods mount them, they are relabeled multiple times. If the SELinux labeling is not managed, it might cause data access issues from the pod.
Note: If you are running IBM Storage Scale Container Storage Interface driver with IBM Storage Scale Container Native 5.1.7, you do not need to do anything for the data access issue. For more information, see the Limitations section.
You can address this issue in either of the following ways:

- Use an SCC (Security Context Constraints) with seLinuxContext.type set as "MustRunAs".

      seLinuxContext:
        type: MustRunAs

  Ensure that the correct SCC is used by the pod:

      metadata:
        annotations:
          openshift.io/scc: <scc_name>

- Specify the appropriate seLinuxOptions.level in the deployment specification of the pod as shown in the following example:

      securityContext:
        seLinuxOptions:
          level: <SELinux level label>

  An example of SELinux level label is "s0:c123,c456".
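
A check for the second option, as an added example that is not part of the IBM documentation: it groups pods by the PVC they mount and reports claims mounted by several pods whose pod-level seLinuxOptions.level is unset or differs. The input shape follows `oc get pods -o json`; the pod names, namespace, claim names, and the premise that pods sharing a volume should carry the same explicit level are assumptions.

```python
from collections import defaultdict

def make_pod(name, claim, level=None):
    """Build a constructed pod object shaped like an `oc get pods -o json` item."""
    spec = {"volumes": [{"name": "data",
                         "persistentVolumeClaim": {"claimName": claim}}]}
    if level:
        spec["securityContext"] = {"seLinuxOptions": {"level": level}}
    return {"metadata": {"name": name, "namespace": "demo"}, "spec": spec}

# Constructed sample data; pod names, namespace and claim names are hypothetical.
SAMPLE = {"items": [
    make_pod("app-a", "shared-data", "s0:c123,c456"),
    make_pod("app-b", "shared-data", "s0:c123,c456"),
    make_pod("app-c", "scratch"),               # no level set
    make_pod("app-d", "scratch", "s0:c1,c2"),
    make_pod("app-e", "solo"),                  # single consumer, not reported
]}

def pod_level(pod):
    """Return the pod-level seLinuxOptions.level, or None if it is unset."""
    sc = pod["spec"].get("securityContext") or {}
    return (sc.get("seLinuxOptions") or {}).get("level")

def shared_claim_findings(pod_list):
    """Map (namespace, claim) -> {pod: level} for claims mounted by more
    than one pod where a level is missing or the levels differ."""
    mounts = defaultdict(dict)
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        for vol in pod["spec"].get("volumes", []):
            pvc = vol.get("persistentVolumeClaim")
            if pvc:
                key = (meta.get("namespace", "default"), pvc["claimName"])
                mounts[key][meta["name"]] = pod_level(pod)
    findings = {}
    for key, levels in mounts.items():
        distinct = set(levels.values())
        if len(levels) > 1 and (None in distinct or len(distinct) > 1):
            findings[key] = levels
    return findings

if __name__ == "__main__":
    for (ns, claim), levels in shared_claim_findings(SAMPLE).items():
        print(f"{ns}/{claim}: inconsistent SELinux levels {levels}")
```

The check reads only the pod-level securityContext; container-level overrides and the access mode of the claim itself are outside its scope.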