Skip to content

Commit

Permalink
selinux: use container_device_plugin_t as RTE context
Browse files Browse the repository at this point in the history
The `container_device_plugin_t` label type, allows communication with
`kubelet_t` context: containers/container-selinux#178.

The PodResourceAPI socket is an object created by Kubelet so it inherents
the same process context, i.e. `kubelet_t`.

Signed-off-by: Talor Itzhak <[email protected]>
  • Loading branch information
Tal-or committed Aug 22, 2024
1 parent a9cfa28 commit e4ca8b9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/selinux/consts.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,6 @@
package selinux

const (
RTEContextType = "rte.process"
RTEContextType = "container_device_plugin_t"
RTEContextLevel = "s0"
)

0 comments on commit e4ca8b9

Please sign in to comment.