search

k3s-io / k3s-selinux

SELinux policy for k3s
Apache License 2.0
66 stars 20 forks source link

Fix centos 7 policy #30

Closed galal-hussein closed 2 years ago

galal-hussein commented 2 years ago

Fix: https://github.com/k3s-io/k3s/issues/5258

CentOS 7 comes with container-selinux version container-selinux-2.119.2-1.911c772.el7_8.noarch which has different domain than the one we use in k3s-selinux v1.0:

# seinfo -acontainer_domain -x
   container_domain
      spc_t
      container_build_t
      container_logreader_t
      container_t

The fix will replace container_runtime_domain which is used recent container-selinux versions.

Note: The fix will risk two things: