Skip to content

JAORMX/selinux-k8s

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
manifests
manifests
 
 
scripts
scripts
 
 
selinux_k8s
selinux_k8s
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

selinux-k8s

This is a small script that wraps up udica and allows you to scan containers from a Kubernetes deployment's CRI, and generate SELinux policies from them. The script will create a ConfigMap in the namespace where the pod is running.

Normally one would deploy this as a pod (either directly or from an operator).

An example of how to deploy this pod is provided in the repo. This example contains all the relevant bind-mounts to make udica and the SELinux utilities work from the pod, as well as the bind-mount to be able to call the CRI.

TODO

  • Handle duplicated ConfigMaps: What happens when the ConfigMap that this tool is trying to create already exists? Should it overwrite, ignore or fail?

  • Get capabilities for pods

  • Read extra capabilities needed for a specific pod (user provided)

About

selinux-k8s

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages