STOR-2384: UPSTREAM: 133425: Fix SELinux label comparison

[jsafrane]

The comparison of SELinux labels in KCM tolerates missing fields - the operating system is going to default them from its defaults, but in KCM we don't know what the defaults are.

But the OS won't default the last component, "level", which includes also categories. Make sure that labels with a level set conflicts with level "", that's what will conflict on the OS too.

Add also some e2e tests for that.

[openshift-ci-robot]

@jsafrane: This pull request references STOR-2384 which is a valid jira issue.

In response to this:

The comparison of SELinux labels in KCM tolerates missing fields - the operating system is going to default them from its defaults, but in KCM we don't know what the defaults are.

But the OS won't default the last component, "level", which includes also categories. Make sure that labels with a level set conflicts with level "", that's what will conflict on the OS too.

Add also some e2e tests for that.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jsafrane: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

• 8bc2322|UPSTREAM: 133425: Fix SELinux label comparison: the upstream PR kubernetes/kubernetes#133425 has not yet merged

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jsafrane
Once this PR has been reviewed and has the lgtm label, please assign benluddy for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jsafrane]

The PR is not merged upstream yet due to freeze. We may need to merge them to OCP before the freeze is lifted.

[jsafrane]

cc @openshift/storage

[openshift-ci]

@jsafrane: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-hypershift	8bc2322	link	true	/test e2e-aws-ovn-hypershift
ci/prow/e2e-aws-ovn-runc	8bc2322	link	true	/test e2e-aws-ovn-runc
ci/prow/e2e-aws-ovn-cgroupsv2	8bc2322	link	true	/test e2e-aws-ovn-cgroupsv2
ci/prow/okd-scos-e2e-aws-ovn	8bc2322	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/verify	8bc2322	link	true	/test verify
ci/prow/e2e-aws-ovn-techpreview	8bc2322	link	false	/test e2e-aws-ovn-techpreview
ci/prow/e2e-aws-crun-wasm	8bc2322	link	true	/test e2e-aws-crun-wasm
ci/prow/e2e-aws-ovn-techpreview-serial	8bc2322	link	false	/test e2e-aws-ovn-techpreview-serial

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.