author OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2022-04-19 16:37:00 -0400
committer GitHub <noreply@github.com> 2022-04-19 16:37:00 -0400
commit 9d2ad5b8394935092f0824067ceb1805253372e8
tree a8fe63ce3f495e6cf83c0a6aeed16b3b372c2d9f
parent 712c3bb226a84c8a5593d62648975611cea7839d
parent e716790af9e81f8eae528e589379860d1cc60bf9
Merge pull request #13890 from fulminemizzega/main
[CI:DOCS] Fix selinux docs for kubernetes yaml
-rw-r--r-- docs/source/markdown/podman-generate-kube.1.md 3
-rw-r--r-- docs/source/markdown/podman-play-kube.1.md 2
2 files changed, 3 insertions, 2 deletions
diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md
index 8cd35140e..cbb875f60 100644
--- a/docs/source/markdown/podman-generate-kube.1.md
+++ b/docs/source/markdown/podman-generate-kube.1.md
@@ -22,7 +22,8 @@ Init containers created with type `always` will always be generated in the kube
*Note*: When using volumes and generating a Kubernetes YAML for an unprivileged and rootless podman container on an **SELinux enabled system**, one of the following options must be completed:
* Add the "privileged: true" option to the pod spec
* Add `type: spc_t` under the `securityContext` `seLinuxOptions` in the pod spec
- * Relabel the volume via the CLI command `chcon -t container_file_t context -R <directory>`
+ * Relabel the volume via the CLI command `chcon -t container_file_t -R <directory>`
+
Once completed, the correct permissions will be in place to access the volume when the pod/container is created in a Kubernetes cluster.
Note that the generated Kubernetes YAML file can be used to re-run the deployment via podman-play-kube(1).
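Review bot: the option list in this note still presents `privileged: true` and `type: spc_t` ahead of the corrected `chcon` line as if the three were equivalent, but the first two lift SELinux confinement from the container while the relabel only changes the label on `<directory>`. Since this line is being touched anyway, consider saying that the relabel is the narrowest of the three options, and that `-R` should be pointed at the dedicated volume directory rather than a parent such as a home directory. The added blank `+` line after the list is fine as a paragraph break, provided it carries no trailing whitespace.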
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index ad3bd421d..b959f6dd9 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -24,7 +24,7 @@ Only two volume types are supported by play kube, the *hostPath* and *persistent
Note: When playing a kube YAML with init containers, the init container will be created with init type value `always`.
-Note: *hostPath* volume types created by play kube will be given an SELinux private label (Z)
+Note: *hostPath* volume types created by play kube will be given an SELinux shared label (z), bind mounts are not relabeled (use `chcon -t container_file_t -R <directory>`).
Note: If the `:latest` tag is used, Podman will attempt to pull the image from a registry. If the image was built locally with Podman or Buildah, it will have `localhost` as the domain, in that case, Podman will use the image from the local store even if it has the `:latest` tag.
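Review bot: the replacement note joins two statements with a comma and leaves it unclear which one applies to a given volume: it says *hostPath* volumes get a shared label (z) and then that bind mounts are not relabeled, yet a hostPath volume is itself a bind mount of a host directory. Split it into two sentences and state which case play kube relabels and which needs the manual `chcon -t container_file_t -R <directory>`. Because the text moves from private (Z) to shared (z), it would also help to say that a shared label lets other containers access the same content.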