(sorry for the dup, replying on-list) You might be hitting this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331580
It is fixed upstream but I'm not sure that it has made its way into an ostree compose for Atomic yet. On Tue, Jun 14, 2016 at 2:15 AM, 周海兵 <[email protected]> wrote: > Hi fellows, > > This is my first time to sent email to a mail list, so hopefully I will give > a clear explanation on my question. > > We are using AtomicOS fedora to deploy kubernetes, We do not use the version > that carried along with Atomic due to we are actively develop features for > kubernetes. > > Now that I meet a problem which is already post on > https://github.com/kubernetes/kubernetes/issues/27282, to be briefly, we > want to enable SELinux to give more security, but what we found that > containers could not access volumes mount from `/var` and many other > directories as there is not a rule to state that `svirt_lxc_net_t` could > access files with types `var_t`. > > It made me very confused on how would `configMap` and `secrets` and other > volumes type to work properly? > > Thanks. > Haibing
