You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
but that obviously disables it for the whole node. I was wondering if there was a way to disable SeLinux labelling for just that runtime, runsc, without disabling it for everything else.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I'm using gVisor in K3s, which is incompatible with SeLinux. If I use the following config to add my gVisor runtime:
I can get it to work by coupling it with:
but that obviously disables it for the whole node. I was wondering if there was a way to disable SeLinux labelling for just that runtime,
runsc, without disabling it for everything else.For context, gVisor tests for labels here: https://github.com/google/gvisor/blob/master/runsc/specutils/specutils.go#L150. Maybe there's a way I could pass
SelinuxLabel = ""? I'm unsure where that'd be thoughBeta Was this translation helpful? Give feedback.
All reactions