From 38a06cadee827e64032af03987203d9c38e984cc Mon Sep 17 00:00:00 2001 From: Graham Whaley Date: Tue, 25 Sep 2018 15:21:25 +0100 Subject: [PATCH] Limitations: add selinux support limitation We do not currently support enablement of `selinux` in the dockerd config. Document that. Fixes: #252 Signed-off-by: Graham Whaley --- Limitations.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Limitations.md b/Limitations.md index a0555bbb..6c2149c1 100644 --- a/Limitations.md +++ b/Limitations.md @@ -14,6 +14,8 @@ * [Resource management](#resource-management) * [docker run and shared memory](#docker-run-and-shared-memory) * [docker run and sysctl](#docker-run-and-sysctl) + * [Docker daemon features](#docker-daemon-features) + * [selinux support](#selinux-support) * [Architectural limitations](#architectural-limitations) * [Networking limitations](#networking-limitations) * [Support for joining an existing VM network](#support-for-joining-an-existing-vm-network) 
@@ -177,6 +179,23 @@ allows configuring the sysctl settings that support namespacing. From a security See issue https://github.com/kata-containers/runtime/issues/185 for more information. +## Docker daemon features + +Some features enabled or implemented via the +[dockerd daemon](https://docs.docker.com/config/daemon/) configuration are not yet +implemented. + +### selinux support + +The `dockerd` configuration option `"selinux-enabled": true` is not presently implemented +in Kata Containers. Enabling this option causes an OCI runtime error. + +See issue https://github.com/kata-containers/runtime/issues/784 for more information. + +The consequence of this is that the [Docker --security-opt is only partially supported](#docker---security-opt-option-partially-supported). + +Kubernetes [selinux labels](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#assign-selinux-labels-to-a-container) will also not be applied. + # Architectural limitations This section lists items that might not be fixed due to fundamental
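Review bot: In the table-of-contents hunk of Limitations.md, the new entry is spelled `selinux support`, but the name is normally written SELinux. Consider `[SELinux support](#selinux-support)` here and in the matching `### selinux support` heading; the anchor stays the same because GitHub lowercases heading anchors.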
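Review bot: The last added sentence of the `### selinux support` section, "Kubernetes selinux labels will also not be applied", does not say whether the pod is rejected or starts without the requested label. For a security control that difference matters, because a workload that silently runs unlabelled looks confined when it is not, so state the behaviour explicitly. In the same section, "Enabling this option causes an OCI runtime error" would help users more if it quoted the error they will see and said that `"selinux-enabled": true` has to be left out of the dockerd config when Kata Containers is the runtime. The link target `#docker---security-opt-option-partially-supported` is not added by this patch, so confirm that section already exists in Limitations.md and the anchor resolves.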