[Container-tools] SELinux vs Kubernetes volumes
Praveen Kumar
kumarpraveen.nitdgp at gmail.com
Thu Apr 7 09:47:25 UTC 2016
Hi,
Long back Thomas filed an issue[0] about SELinux policy for Kubernetes
storage volumes. I was looking into it and filed a bug[1] for the same;
I was also able to get in touch with Daniel J Walsh and Paul. As per the
given suggestions and with some experiments I did, I am still not
sure if it is a good idea to set the SELinux context directory-wide.

In an ideal situation the k8s service is supposed to relabel the SELinux
context for each pod's mount point, and an external container (not part
of the pod) should not access that volume, but that is not happening
currently if we set the SELinux context directory-wide.

Any suggestions?
[0] https://github.com/projectatomic/adb-atomic-developer-bundle/issues/117
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1298568
--
Praveen Kumar
http://fedoraproject.org/wiki/User:Kumarpraveen
http://fedoraproject.org/
http://kumar-pravin.blogspot.com