RHCOS4: Temporarily disable selinux_confinement_of_daemons to work around kubelet bug #10228

Merged
merged 1 commit into from Feb 17, 2023

@jhrozek jhrozek commented Feb 17, 2023

Description:

  • Disables selinux_confinement_of_daemons for RHCOS

Rationale:

kubelet changed its context to unconfined_service_t so this rule fails
and is impossible to remediate. We should push the kubelet developers to
provide a confined domain, but since there is no remediation, we need
to disable the rule in the meantime.

See https://issues.redhat.com/browse/OCPBUGS-6968 for more details.

Review Hints:

  • Make sure that the rule is not enabled in any of the RHCOS profiles

…ound kubelet bug

kubelet changed its context to unconfined_service_t so this rule fails
and is impossible to remediate. We should push the kubelet developers to
provide a confined domain, but since there is no remediation, we need
to disable the rule in the meantime.

See https://issues.redhat.com/browse/OCPBUGS-6968 for more details.
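
To see which processes trip a check of this kind on a node, the following added example (not part of this pull request or of the ComplianceAsCode project) filters `ps -eZ` output for the `unconfined_service_t` type named in the rationale. The process list in `sample_ps` is constructed, and the example assumes the rule fails for any process running in that type.

```shell
#!/bin/sh
# Added example: list processes whose SELinux type is unconfined_service_t.
# Input is expected in `ps -eZ` format: LABEL PID TTY TIME CMD

# Reads `ps -eZ`-style lines on stdin and prints "PID CMD" for every
# process running in the unconfined_service_t domain.
find_unconfined_daemons() {
    awk '
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        {
            # LABEL is user:role:type:level; the level may itself contain
            # colons (e.g. s0-s0:c0.c1023), so only the third field is used.
            n = split($1, ctx, ":")
            if (n < 3) next                 # no SELinux label (e.g. "-")
            if (ctx[3] != "unconfined_service_t") next
            # CMD starts at field 5 and may contain spaces.
            cmd = $5
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            print $2, cmd
        }
    '
}

# Constructed sample of `ps -eZ` output from a node where kubelet runs
# unconfined, as described in the rationale above.
sample_ps() {
    cat <<'EOF'
LABEL                                     PID TTY          TIME CMD
system_u:system_r:init_t:s0                 1 ?        00:00:07 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023  1203 ?        00:00:00 sshd
system_u:system_r:container_runtime_t:s0 1502 ?        00:03:10 crio
system_u:system_r:unconfined_service_t:s0 1650 ?       00:12:41 kubelet
-                                        1999 ?        00:00:00 nolabel
EOF
}

# On a live host, replace sample_ps with: ps -eZ
sample_ps | find_unconfined_daemons
```
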
codeclimate bot commented Feb 17, 2023

Code Climate has analyzed commit 24081a2 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 51.7% (0.0% change).


rhmdnd commented Feb 17, 2023

/lgtm
/approve

@rhmdnd rhmdnd merged commit f55e4a8 into ComplianceAsCode:master Feb 17, 2023
@Mab879 Mab879 added this to the 0.1.67 milestone Mar 24, 2023
@marcusburghardt marcusburghardt added the OpenShift OpenShift product related. label Nov 23, 2023
@marcusburghardt marcusburghardt self-assigned this Nov 23, 2023