Use Container Policy from SELinuxProject

[patsys]

Hello,

please implement with the Container Policy from https://github.com/SELinuxProject/refpolicy/blob/master/policy/modules/services/container.te

[dweomer]

The policy defined in this repo depends on container-selinux policy available for each supported OS, e.g.:

• https://github.com/rancher/rke2-selinux/blob/v0.9.stable.1/policy/centos8/rke2-selinux.spec#L42

None of the supported OSes yet leverage container-specific policy from the selinux refpolicy:

• el8 :arrow_right: 2.20091117
• sle :arrow_right: (looks like it is copied from fedora, because of course it is. what a mess)

[JAORMX]

FWIW, Flatcar Linux is adopting the container SELinux policy from refpolicy.

[dweomer]

FWIW, Flatcar Linux is adopting the container SELinux policy from refpolicy.

I am looking forward to seeing more modern SELinux installations that diverge from RedHat's.

[galal-hussein]

closing this issue since there is no-op is required from our side