[RFE] SELinux custom policies #1592

mnbro · 2024-11-28T07:03:40Z

Is there a milestone for implementing SELinux custom policies for Flatcar Linux?

I saw some issues caused by this and I also see some stalled/unclear next steps like in #598 pending for a couple of years.

tormath1 · 2024-11-28T08:44:37Z

Flatcar is shipped with policies from the refpolicy repository (similar to Gentoo) with the current policies:

sec-policy/selinux-base-2.20240226-r2::portage-stable
sec-policy/selinux-base-policy-2.20240226-r2::portage-stable
sec-policy/selinux-container-2.20240226-r2::portage-stable
sec-policy/selinux-dbus-2.20240226-r2::portage-stable
sec-policy/selinux-policykit-2.20240226-r2::portage-stable
sec-policy/selinux-sssd-2.20240226-r2::portage-stable
sec-policy/selinux-unconfined-2.20240226-r2::portage-stable

At this moment, I think it might be possible to load custom policies on Flatcar (via Ignition) but for projects like rke2-selinux it's a bit more complex as those policies rely on containers-selinux which diverges from the refpolicy container implementation.

mnbro added the kind/feature A feature request label Nov 28, 2024

github-project-automation bot added this to Flatcar tactical, release planning, and roadmap Nov 28, 2024

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Nov 28, 2024

tormath1 added the area/selinux Issues related to SELinux label Nov 28, 2024

github-actions bot mentioned this issue Dec 22, 2024

Monthly contributions report 2024-11-22 - 2024-12-21 #1603

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[RFE] SELinux custom policies #1592

[RFE] SELinux custom policies #1592

mnbro commented Nov 28, 2024 •

edited

Loading

tormath1 commented Nov 28, 2024

[RFE] SELinux custom policies #1592

[RFE] SELinux custom policies #1592

Comments

mnbro commented Nov 28, 2024 • edited Loading

tormath1 commented Nov 28, 2024

mnbro commented Nov 28, 2024 •

edited

Loading