Closed aceeric closed 1 month ago
Our SELinux policies are designed to work with RKE2 as is. You would need to write your own policies to handle a custom data-dir.
I suspected that would be the case - I looked on the various documentation sites and didn't see any direct mention of that. Perhaps consider adding some verbiage to https://docs.rke2.io/reference/server_config.
Thank you.
Environmental Info: RKE2 Version: v1.28.12+rke2r1
Node(s) CPU architecture, OS, and Version:
Command:
Output:
Command:
Output:
Command:
Output:
Command:
Output:
Command:
Output:
Cluster Configuration: Single node.
Describe the bug: It looks like specifying a different data-dir is not supported on SELinux.
Steps To Reproduce:
1. Create a single EC2 instance with SELinux enforcing. I don't provide details here since there are so many ways to do it.
2. Configure RKE2 pre-reqs
Create a script with these contents and run it:
3. Yum install RKE2
4. Configure the data-dir
5. Start RKE2
6. Observe that RKE2 never starts
journalctl -u rke2-server -f
Seems to get stuck at:
7. Repeat the process with SELinux disabled
All steps are the same except:
Observe that RKE2 does start up. Verify:
Output:
Expected behavior: Cluster starts.
Actual behavior: Cluster does not start.
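
To confirm that SELinux is what blocks startup in step 6, the audit log can be filtered for enforced AVC denials on paths under the custom data-dir. This is an added example, not part of the original issue or the RKE2 project; the path /opt/rke2-data and the sample audit records are constructed placeholders.

```python
import re
from collections import Counter

# Constructed audit.log records (not from the issue); paths and types are illustrative.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:411): avc:  denied  { read } for  pid=2101 comm="containerd" path="/opt/rke2-data/agent/containerd/meta.db" dev="nvme0n1p1" ino=5001 scontext=system_u:system_r:container_runtime_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:411): arch=c000003e syscall=257 success=no exit=-13 comm="containerd"
type=AVC msg=audit(1700000001.202:412): avc:  denied  { read } for  pid=2101 comm="containerd" path="/opt/rke2-data/agent/containerd/state.db" dev="nvme0n1p1" ino=5002 scontext=system_u:system_r:container_runtime_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.303:413): avc:  denied  { write } for  pid=2240 comm="kubelet" path="/opt/rke2-data/agent/pods" dev="nvme0n1p1" ino=5003 scontext=system_u:system_r:container_runtime_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000003.404:414): avc:  denied  { read } for  pid=2300 comm="rke2" path="/opt/rke2-data-old/agent/x" dev="nvme0n1p1" ino=6001 scontext=system_u:system_r:container_runtime_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000004.505:415): avc:  denied  { read } for  pid=2300 comm="rke2" path="/opt/rke2-data/server/db" dev="nvme0n1p1" ino=5004 scontext=system_u:system_r:container_runtime_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    return rec

def under(path, root):
    """True if path is root or below it; /opt/rke2-data-old is not under /opt/rke2-data."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")

def blocking_denials(log_text, data_dir):
    """Count enforced denials under data_dir by (comm, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "path" not in rec:
            continue  # not an AVC record, or no full path recorded
        if rec.get("permissive") == "1" or not under(rec["path"], data_dir):
            continue  # logged but not enforced, or outside the data-dir
        target_type = rec["tcontext"].split(":")[2]
        counts[(rec["comm"], target_type, rec["tclass"], " ".join(rec["perms"]))] += 1
    return counts

if __name__ == "__main__":
    for key, n in blocking_denials(SAMPLE_AUDIT_LOG, "/opt/rke2-data").most_common():
        print(n, *key)
```

On a host running auditd, the input would be the contents of /var/log/audit/audit.log; the target types that show up indicate which labels a custom policy for the data-dir has to cover.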