Merge pull request #2311 from AndrewSirenko/fix-selinux

Fix node.selinux configuration parameter & release Helm Chart v2.39.1

Author: k8s-ci-robot

charts/aws-ebs-csi-driver/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Helm chart
 
+## v2.39.1
+
+### Bug or Regression
+- Fix `node.selinux` to properly set SELinux-specific mounts as ReadOnly ([#2311](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2311), [@AndrewSirenko](https://github.com/AndrewSirenko))
+
 ## v2.39.0
 
 ### Feature

charts/aws-ebs-csi-driver/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.39.0
 name: aws-ebs-csi-driver
 description: A Helm chart for AWS EBS CSI Driver
-version: 2.39.0
+version: 2.39.1
 kubeVersion: ">=1.17.0-0"
 home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
 sources:

charts/aws-ebs-csi-driver/templates/_node.tpl

@@ -134,8 +134,10 @@ spec:
             {{- if .Values.node.selinux }}
             - name: selinux-sysfs
               mountPath: /sys/fs/selinux
+              readOnly: true
             - name: selinux-config
               mountPath: /etc/selinux/config
+              readOnly: true
             {{- end }}
           {{- with .Values.node.volumeMounts }}
           {{- toYaml . | nindent 12 }}
@@ -259,12 +261,10 @@ spec:
           hostPath:
             path: /sys/fs/selinux
             type: Directory
-            readOnly: true
         - name: selinux-config
           hostPath:
             path: /etc/selinux/config
             type: File
-            readOnly: true
         {{- end }}
         - name: probe-dir
           {{- if .Values.node.probeDirVolume }}