Merge pull request #35491 from pmorie/byebye-getrootcontext

Automatic merge from submit-queue

Remove GetRootContext method from VolumeHost interface

Remove the `GetRootContext` call from the `VolumeHost` interface, since Kubernetes no longer needs to know the SELinux context of the Kubelet directory.

Per #33951 and #35127.

Depends on #33663; only the last commit is relevant to this PR.

pkg/kubelet/BUILD

@@ -29,7 +29,6 @@ go_library(
         "pod_container_deletor.go",
         "pod_workers.go",
         "reason_cache.go",
-        "root_context_linux.go",
         "runonce.go",
         "runtime.go",
         "util.go",
@@ -122,7 +121,6 @@ go_library(
         "//vendor:github.com/google/cadvisor/events",
         "//vendor:github.com/google/cadvisor/info/v1",
         "//vendor:github.com/google/cadvisor/info/v2",
-        "//vendor:github.com/opencontainers/runc/libcontainer/selinux",
     ],
 )
 

pkg/kubelet/root_context_linux.go

@@ -1,35 +0,0 @@
-// +build linux
-
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kubelet
-
-import (
-	"github.com/opencontainers/runc/libcontainer/selinux"
-)
-
-// getRootDirContext gets the SELinux context of the kubelet rootDir
-// or returns an error.
-func (kl *Kubelet) getRootDirContext() (string, error) {
-	// If SELinux is not enabled, return an empty string
-	if !selinux.SelinuxEnabled() {
-		return "", nil
-	}
-
-	// Get the SELinux context of the rootDir.
-	return selinux.Getfilecon(kl.getRootDir())
-}

pkg/kubelet/root_context_unsupported.go

@@ -1,24 +0,0 @@
-// +build !linux
-
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kubelet
-
-func (kl *Kubelet) getRootDirContext() (string, error) {
-	// For now, just return a blank security context on unsupported platforms
-	return "", nil
-}

pkg/kubelet/volume_host.go

@@ -132,12 +132,3 @@ func (kvh *kubeletVolumeHost) GetNodeAllocatable() (api.ResourceList, error) {
 	}
 	return node.Status.Allocatable, nil
 }
-
-func (kvh *kubeletVolumeHost) GetRootContext() string {
-	rootContext, err := kvh.kubelet.getRootDirContext()
-	if err != nil {
-		return ""
-	}
-
-	return rootContext
-}

pkg/kubelet/volumemanager/volume_manager_test.go

@@ -184,7 +184,7 @@ func newTestVolumeManager(
 	plug := &volumetest.FakeVolumePlugin{PluginName: "fake", Host: nil}
 	fakeRecorder := &record.FakeRecorder{}
 	plugMgr := &volume.VolumePluginMgr{}
-	plugMgr.InitPlugins([]volume.VolumePlugin{plug}, volumetest.NewFakeVolumeHost(tmpDir, kubeClient, nil, "" /* rootContext */))
+	plugMgr.InitPlugins([]volume.VolumePlugin{plug}, volumetest.NewFakeVolumeHost(tmpDir, kubeClient, nil))
 
 	vm, err := NewVolumeManager(
 		true,