Default to SELinux private label for play kube mounts

Before, there were SELinux denials when a volume was bind-mounted by podman play kube. Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate) For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point also remove left over debugging print statement Signed-off-by: Peter Hunt <pehunt@redhat.com>
author: Peter Hunt <pehunt@redhat.com> 2019-03-07 12:52:54 -0500
committer: Peter Hunt <pehunt@redhat.com> 2019-03-28 09:54:31 -0400
commit: 0d0ad59641a308450d694d4c2fb95303c64fabf8 (patch)
tree: cce1ff87f1c9c501b70ee360fceacb512808e5bd /docs
parent: 850326cc192444d1c5cfd8ba6e1015f653b41e73 (diff)
download: podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.tar.gz
podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.tar.bz2
podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/podman-play-kube.1.md b/docs/podman-play-kube.1.md
index a9af961cd..a38abf35a 100644
--- a/docs/podman-play-kube.1.md
+++ b/docs/podman-play-kube.1.md
@@ -22,6 +22,8 @@ the ID of the new Pod is output.
 
 Ideally the input file would be one created by Podman (see podman-generate-kube(1)).  This would guarantee a smooth import and expected results.
 
+Note: HostPath volume types created by play kube will be given an SELinux private label (Z)
+
 # OPTIONS:
 
 **--authfile**
author	Peter Hunt <pehunt@redhat.com>	2019-03-07 12:52:54 -0500
committer	Peter Hunt <pehunt@redhat.com>	2019-03-28 09:54:31 -0400
commit	0d0ad59641a308450d694d4c2fb95303c64fabf8 (patch)
tree	cce1ff87f1c9c501b70ee360fceacb512808e5bd /docs
parent	850326cc192444d1c5cfd8ba6e1015f653b41e73 (diff)
download	podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.tar.gz podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.tar.bz2 podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.zip