containers / udica

This repository contains a tool for generating SELinux security profiles for containers
GNU General Public License v3.0

Run time security for containers using udica #75

Open HariAccuknox opened 4 years ago

HariAccuknox commented 4 years ago

Runtime Security

After creating my_container.process for a container, can we make it apply to the container without restarting the containers?

Describe the solution you'd like

Running a udica daemon to capture the container specs to create and applying SIGHUP to the daemon to hot reload

Describe alternatives you've considered

Running daemonsets in all nodes or one daemon to all nodes to .

wrabcak commented 4 years ago

@JAORMX @rhatdan, guys, we can discuss this RFE here.

JAORMX commented 4 years ago

@wrabcak wouldn't applying a new SELinux policy require a container restart either way? I thought you needed to set SELinux labels on process start.

HariAccuknox commented 4 years ago

Can we provide a default SELinux profile with certain profiles for containers and override containers with a daemon SIGHUP? This will certainly improve the SELinux implementation in containers.

On Fri, 18 Sep 2020, 19:05 Juan Osorio Robles, notifications@github.com wrote:

@wrabcak https://github.com/wrabcak wouldn't applying a new SELinux policy require a container restart either way? I thought you needed to set SELinux labels on process start.


wrabcak commented 4 years ago

@JAORMX, there is a possibility to force label change during process runtime, but I don't know if it's possible for containers.

JAORMX commented 4 years ago

@JAORMX, there is a possibility to force label change during process runtime, but I don't know if it's possible for containers.

Uhm...that might be an RFE then for the container runtime (e.g. Podman) more than Udica.

wrabcak commented 4 years ago

Sorry, it's not possible; discussed with the SELinux userspace maintainer.
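Since a process keeps the SELinux label it was started with, the practical follow-up after loading a udica policy is to find out which running containers still run under the old type and must be recreated with --security-opt label=type:my_container.process. The check below is an added example, not udica's own code or anything from this thread; it assumes the usual user:role:type:level context layout, and in live mode that /proc/<pid>/attr/current is readable on the host. The container-name-to-context mapping is constructed sample data.

```python
"""Report which running containers are not yet confined by a loaded udica type.

Added example, not part of udica or of this issue thread. Assumes the
conventional SELinux context layout user:role:type:level and, in live mode,
a Linux host where /proc/<pid>/attr/current can be read.
"""
from pathlib import Path
from typing import Dict, List, Optional


def context_type(context: str) -> Optional[str]:
    """Return the type field of an SELinux context, e.g. 'container_t'."""
    parts = context.strip().rstrip("\x00").split(":")
    return parts[2] if len(parts) >= 3 else None


def process_context(pid: int) -> Optional[str]:
    """Read the current SELinux context of a process from procfs (live mode)."""
    try:
        return Path(f"/proc/{pid}/attr/current").read_text()
    except OSError:
        return None  # no SELinux, no procfs, or permission denied


def needs_restart(containers: Dict[str, str], wanted_type: str) -> List[str]:
    """Names of containers whose main process does not run as wanted_type.

    `containers` maps container name -> SELinux context of its PID 1. Loading
    a module with semodule changes nothing for processes already running, so
    a container not labelled with the udica type has to be recreated with
    --security-opt label=type:<wanted_type> before the policy applies to it.
    """
    return sorted(
        name for name, ctx in containers.items()
        if context_type(ctx) != wanted_type
    )


# Constructed sample: two containers still on the default container_t, one
# already started with the udica-generated type.
SAMPLE = {
    "web": "system_u:system_r:container_t:s0:c12,c34",
    "db": "system_u:system_r:container_t:s0:c56,c78",
    "worker": "system_u:system_r:my_container.process:s0:c90,c91",
}

if __name__ == "__main__":
    for name in needs_restart(SAMPLE, "my_container.process"):
        print(f"{name}: restart required to apply my_container.process")
```

On a real host, build the mapping from `podman inspect --format '{{.State.Pid}}'` for each container and feed the PIDs to process_context().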