kairos-io / kairos

:penguin: The immutable Linux meta-distribution for edge Kubernetes.
https://kairos.io
Apache License 2.0

SELinux #114

Open mudler opened 1 year ago

jmpolom commented 1 year ago

What is the status of SELinux support with kairos-built OS images? I have noticed (via the PRs mentioned here) it's explicitly disabled from the Fedora builds and getenforce reports disabled in the OpenSUSE Tumbleweed builds. I attempted to override the settings via kernel boot arguments in both, and both failed to boot (basically about what I expected). In the case of the Tumbleweed build, systemd halted the boot process when it couldn't load an SELinux policy.

This looks like a very interesting and useful project overall. However, SELinux support is an important feature I look for in any distribution I'm considering using. It would be good to know what the barriers are to enabling SELinux when kairos is used to deploy OS images. For example: can I build a custom image with the necessary policy packages and enable SELinux post-install? What breaks if I enable SELinux?

jimmykarily commented 7 months ago

Related story: https://github.com/kairos-io/kairos/issues/2107