Limitations: add selinux support limitation #253
Conversation
|
LGTM |
|
I appreciate you're documenting the docker server side, but is this all essentially the same as the following?: That section doesn't spell it all out (as we don't want to have to enumerate all the security types which may change), but we don't support |
|
Ah, so that is the link to how/where it gets passed into the runtime @jodh-intel - how about I add a ref in my new section over to that --security-opt one? |
|
@grahamwhaley - yep, that plan sounds good to me. |
|
@grahamwhaley k8s also has selinux labels: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#assign-selinux-labels-to-a-container |
We do not currently support enablement of `selinux` in the dockerd config. Document that. Fixes: kata-containers#252 Signed-off-by: Graham Whaley <[email protected]>
grahamwhaley
force-pushed
the
20180925_selinux_limitation
branch
from
e465f82 to
38a06ca
Compare
|
OK, I've added a link to the other section to ref the non-working security option, and also a link out to the k8s selinux label page. @jodh-intel @amshinde ptal. |
|
lgtm
|
|
afaik, this is done. In theory, needs one more ack from @kata-containers/documentation , but, it seems pullapprove may not have registered @jodh-intel ack. I'm OK with somebody pushing this through if they want. |
|
lgtm
|
…-bump # Kata Containers 1.6.0-rc2
We do not currently support enablement of
selinuxin thedockerd config. Document that.
Fixes: #252
Signed-off-by: Graham Whaley [email protected]