From bda01518b326e7ac33a0f8633d275e628325fa23 Mon Sep 17 00:00:00 2001
From: Drew Sirenko <68304519+AndrewSirenko@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:51:23 -0500
Subject: [PATCH 1/2] Fix node.selinux configuration parameter

---
 charts/aws-ebs-csi-driver/templates/_node.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/aws-ebs-csi-driver/templates/_node.tpl b/charts/aws-ebs-csi-driver/templates/_node.tpl
index 903b43de03..0a3b2c6642 100644
--- a/charts/aws-ebs-csi-driver/templates/_node.tpl
+++ b/charts/aws-ebs-csi-driver/templates/_node.tpl
@@ -134,8 +134,10 @@ spec:
             {{- if .Values.node.selinux }}
             - name: selinux-sysfs
               mountPath: /sys/fs/selinux
+              readOnly: true
             - name: selinux-config
               mountPath: /etc/selinux/config
+              readOnly: true
             {{- end }}
           {{- with .Values.node.volumeMounts }}
           {{- toYaml . | nindent 12 }}
@@ -259,12 +261,10 @@ spec:
           hostPath:
             path: /sys/fs/selinux
             type: Directory
-            readOnly: true
         - name: selinux-config
           hostPath:
             path: /etc/selinux/config
             type: File
-            readOnly: true
         {{- end }}
         - name: probe-dir
           {{- if .Values.node.probeDirVolume }}

From 140453628375d8479c3e93a308d619a157ac9dae Mon Sep 17 00:00:00 2001
From: Drew Sirenko <68304519+AndrewSirenko@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:51:35 -0500
Subject: [PATCH 2/2] Release Helm Chart v2.39.1

---
 charts/aws-ebs-csi-driver/CHANGELOG.md | 5 +++++
 charts/aws-ebs-csi-driver/Chart.yaml   | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/charts/aws-ebs-csi-driver/CHANGELOG.md b/charts/aws-ebs-csi-driver/CHANGELOG.md
index 6cfb8a5521..1d17a47f81 100644
--- a/charts/aws-ebs-csi-driver/CHANGELOG.md
+++ b/charts/aws-ebs-csi-driver/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Helm chart
 
+## v2.39.1
+
+### Bug or Regression
+- Fix `node.selinux` to properly set SELinux-specific mounts as ReadOnly ([#2311](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2311), [@AndrewSirenko](https://github.com/AndrewSirenko))
+
 ## v2.39.0
 
 ### Feature
diff --git a/charts/aws-ebs-csi-driver/Chart.yaml b/charts/aws-ebs-csi-driver/Chart.yaml
index e314b57674..9aabfb10f4 100644
--- a/charts/aws-ebs-csi-driver/Chart.yaml
+++ b/charts/aws-ebs-csi-driver/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.39.0
 name: aws-ebs-csi-driver
 description: A Helm chart for AWS EBS CSI Driver
-version: 2.39.0
+version: 2.39.1
 kubeVersion: ">=1.17.0-0"
 home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
 sources: