k3s-selinux support on SUSE SLES 15 SP1

[akashpatel2]

k3s-selinux support on SUSE SLES 15 SP1:

Hi Team, Can you add support of k3s-selinux on SUSE SLES hosts ?

k3s-selinux requires 'container-selinux' package, and i could not find 'container-selinux' package for SUSE SLES hosts.

Thanks, Akash

[bobhenkel]

This has some details of installing it on sles15 SP1.

https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-selinux.html#sec-selinux-install

[akashpatel2]

This has some details of installing it on sles15 SP1.

https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-selinux.html#sec-selinux-install

Thank you for the response, the link you shared has the steps, to install and enable SLES with SELinux mode (permissive or enable with default SELinux policy).

Here the ask was:

For k3s installation on SLES (with SELinux enable mode), we need to install k3s-selinux-policy rpm packages. container-selinux and selinux-policy-base are two dependency packages for k3s-selinux-policy. We could not find any official repo from SUSE side which allows to install above mentioned packages with dependencies.

As a work around, we used INSTALL_K3S_SELINUX_WARN=true Env variable during k3s installation (with docker) to skip k3s-selinux-policy rpm installation.

so, if you claim the support of k3s on SLES (with SELinux enable mode), how did you resolve the above mentioned problem ?

[kiruthi006]

Even work around with INSTALL_K3S_SELINUX_WARN=true Env variable during k3s rpm installation to skip k3s-selinux-policy rpm installation with containerd is not working. If SLES machine can add the k3s-selinux-policy support that would work great for many.

[kiruthi006]

As a work around, Removing requires & adding "Autoreq: no && AutoReqProv: no" in the k3s.spec file helps to install the rpm without checking for dependency in sles linux (k3s-selinux)