Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

Disable selinux #2442

Closed
amshinde opened this issue Feb 7, 2020 · 0 comments · Fixed by #2443
Closed

Disable selinux #2442

amshinde opened this issue Feb 7, 2020 · 0 comments · Fixed by #2443

Comments

@amshinde
Copy link
Member

amshinde commented Feb 7, 2020

Kata fails when selinux policy is enforced and the container manager passes those labels in the OCI spec as reported in this issue:
#784

We should implement support for selinux. The first basic step would be to add selinux file system mount in the guest.
Before implementing support for selinux, lets disable it by not passing the selinux labels to the container running in the guest, to unblock users running kata on a system with selinux policy enforced.
amshinde added a commit to amshinde/kata-runtime that referenced this issue Feb 7, 2020
@amshinde
selinux: Disable selinux
387fe26 
Till we implement support for selinux, disable selinux
by not passing selinux labels in the container spec.

Fixes kata-containers#2442

Signed-off-by: Archana Shinde <[email protected]>
@amshinde amshinde mentioned this issue Feb 7, 2020
Merged
amshinde added a commit to amshinde/kata-runtime that referenced this issue Feb 7, 2020
@amshinde
selinux: Disable selinux
e3f4e44 
Till we implement support for selinux, disable selinux
by not passing selinux labels in the container spec.

Fixes kata-containers#2442

Signed-off-by: Archana Shinde <[email protected]>
amshinde added a commit to amshinde/kata-runtime that referenced this issue Feb 7, 2020
@amshinde
selinux: Disable selinux
e49084e 
Till we implement support for selinux, disable selinux
by not passing selinux labels in the container spec.

Fixes kata-containers#2442

Signed-off-by: Archana Shinde <[email protected]>
amshinde added a commit to amshinde/kata-runtime that referenced this issue Feb 7, 2020
@amshinde
selinux: Disable selinux
055f317 
Till we implement support for selinux, disable selinux
by not passing selinux labels in the container spec.

Fixes kata-containers#2442

Signed-off-by: Archana Shinde <[email protected]>
evanfoster pushed a commit to evanfoster/runtime that referenced this issue Mar 9, 2020
@amshinde
selinux: Disable selinux
54c4010 
Till we implement support for selinux, disable selinux
by not passing selinux labels in the container spec.

Fixes kata-containers#2442

Signed-off-by: Archana Shinde <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

selinux: Disable selinux amshinde/kata-runtime
1 participant
@amshinde