Intel Device Plugins returns error "permission denied" on RHOCP 4.15.3

Question

Intel Device Plugins returns error "permission denied" on RHOCP 4.15.3

hershpa opened this issue 9 months ago · 1 comments

Summary:

Intel Device Plugins returns error "permission denied" on RHOCP 4.15.3. Kubelet is running with the wrong label. The same issue was observed and fixed on 4.14.10. See this for more details: #113. The SeLinux Regression fix is not integrated into RHOCP 4.15 properly.

Error:

Failed to serve gpu.intel.com/i915: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /var/lib/kubelet/device-plugins/kubelet.sock: connect: permission denied"

Root Cause:

Kubelet should run as kubelet_exec_t and not unconfined_service_t label.

sh-5.1# ps -AZ | grep kubelet
system_u:system_r:unconfined_service_t:s0 34373 ? 01:59:27 kubelet
sh-5.1#

Answer 1 · 2024-06-10T16:21:23.000Z

The issue was verified to be resolved in 4.15.6. See https://issues.redhat.com/browse/OCPBUGS-31376 for more details.