Run time security for containers using udica #75
Comments
|
@wrabcak wouldn't applying a new SELinux policy require a container restart either way? thought you needed to set SELinux labels on process start. |
|
Can we provide default selinux profile with certain profiles for containers
and overriding containers with daemon sighup . This will certainly improve
sel implementation in containers
…On Fri, 18 Sep 2020, 19:05 Juan Osorio Robles, ***@***.***> wrote:
@wrabcak <https://github.com/wrabcak> wouldn't applying a new SELinux
policy require a container restart either way? thought you needed to set
SELinux labels on process start.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APYLVFQ7SZWZ6FDRCQZZOSDSGNO2LANCNFSM4RR3S27A>
.
|
|
@JAORMX, there is a possibility to force label change during process runtime, but I don't know if it's possible for containers. |
Uhm...that might be an RFE then for the container runtime (e.g. Podman) more than Udica. |
|
Sorry, it's not possible discuss with SELinux userspace maintainer. |
vmojzis
added
the
known bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Runtime Security
After creating my_container.process for a container can we make it t apply to container without restarting the containers.
Describe the solution you'd like
Running a udica daemon to capture the container specs to create and applying SIGHUP to the daemon to hot reload
Describe alternatives you've considered
Running daemonsets in all nodes or one daemon to all nodes to
.
The text was updated successfully, but these errors were encountered: