SELinux validity checks

siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.

https://www.talos.dev

Mozilla Public License 2.0

6.81k stars 544 forks source link

Open dsseng opened 2 days ago

dsseng commented 2 days ago

[ ] Figure out which binaries can be ran by init and udev, add necessary SELinux rules - _Originally posted by @frezbo in https://github.com/siderolabs/talos/pull/9617#discussion_r1825640385_
[ ] label static pods
[ ] Ensure netlink is secured
[ ] label libraries
```
### Tasks
```
[ ] Have some policy similar to setsebool secure_mode_policyload on

frezbo commented 2 days ago

I guess we need to also label files coming from extensions :thinking:

dsseng commented 2 days ago

yes, that should probably take place when we build with extensions. Let's sort that out later