[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic] Running kubernetes with SELinux Enabled

From: Seth Jennings <sjenning redhat com>
To: 周海兵 <zhouhaibing089 gmail com>
Cc: Daniel Walsh <dwalsh redhat com>, atomic projectatomic io
Subject: Re: [atomic] Running kubernetes with SELinux Enabled
Date: Tue, 14 Jun 2016 09:39:36 -0500

(sorry for the dup, replying on-list)

You might be hitting this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1331580

It is fixed upstream but I'm not sure that it has made its way into an
ostree compose for Atomic yet.

On Tue, Jun 14, 2016 at 2:15 AM, 周海兵 <zhouhaibing089 gmail com> wrote:
> Hi fellows,
>
> This is my first time to sent email to a mail list, so hopefully I will give
> a clear explanation on my question.
>
> We are using AtomicOS fedora to deploy kubernetes, We do not use the version
> that carried along with Atomic due to we are actively develop features for
> kubernetes.
>
> Now that I meet a problem which is already post on
> https://github.com/kubernetes/kubernetes/issues/27282, to be briefly, we
> want to enable SELinux to give more security, but what we found that
> containers could not access volumes mount from `/var` and many other
> directories as there is not a rule to state that `svirt_lxc_net_t` could
> access files with types `var_t`.
>
> It made me very confused on how would `configMap` and `secrets` and other
> volumes type to work properly?
>
> Thanks.
> Haibing

References:
- [atomic] Running kubernetes with SELinux Enabled
  - From: 周海兵

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]