Open deiberts86 opened 1 month ago
@deiberts86 check the SELinux labels of the k3s
binary:
ls -Z /usr/local/bin/k3s
Output should be similar to the following:
unconfined_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/k3s
If not, try restoring the SELinux labels on that file using the following:
/usr/sbin/restorecon /usr/local/bin/k3s
A primer on SELinux that I found very helpful: https://www.youtube.com/watch?v=_WOKRaM-HI4
PROBLEM: K3s Selinux doesn't seem to work well with Cilium CNI on K3s.
Installed container-selinux and k3s-selinux:
Current K3s config.yaml file:
Installation of Cilium goes through just fine as expect but fails on SELinux with
RUNC
Output sample from Audit of SELinux
When I set the overall SELinux policy to
Permissive
and restart server, it works like a champ. Can anyone look into this?