spiffe-csi

History

Andrew Harding 44245533c1 Allow fsgroup/SELinux attributes to be set (#44 ) - Changes the mount to be mounted read-write on the host so that fsetxattr can be used by the host to change the attributes on files inside the mount. For security purposes, this only happens if the CSI volume is specified as read-only so the kubelet will mount the volume read-only into the containers. - Optionally enforces that the CSI volume is marked read-only. We can't enforce this by default, since it would break existing deployments. It will be enforced in a future release. Fixes: #42 Signed-off-by: Andrew Harding <aharding@vmware.com>	2022-09-08 12:36:24 -06:00
..
main.go	Allow fsgroup/SELinux attributes to be set (#44 )	2022-09-08 12:36:24 -06:00

Allow fsgroup/SELinux attributes to be set (#44 )

- Changes the mount to be mounted read-write on the host so that
  fsetxattr can be used by the host to change the attributes on files
  inside the mount. For security purposes, this only happens if the CSI
  volume is specified as read-only so the kubelet will mount the volume
  read-only into the containers.
- Optionally enforces that the CSI volume is marked read-only. We can't
  enforce this by default, since it would break existing deployments.
  It will be enforced in a future release.

Fixes: #42

Signed-off-by: Andrew Harding <aharding@vmware.com>

2022-09-08 12:36:24 -06:00

main.go

Allow fsgroup/SELinux attributes to be set (#44 )

2022-09-08 12:36:24 -06:00