[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[kolla] State of SELinux support

Hey all,

With CVE-2019-5736<> dropping today, I thought it would be a good opportunity to poke about the current state of SELinux support in Kolla. The docs<> have said it is a work in progress since the Mitaka release at least. I did find a spec<> that was marked as completed, but I am not aware that there is yet any support and I see that the baremetal role still forces SELinux to "permissive" by default.

Is anybody currently working on this or is there an update spec/blueprint to track the development here? I am no SELinux expert by any means but this feels like an important thing to address, particularly if Docker has made it easier to label bind mounts<>.


Jason Anderson

Cloud Computing Software Developer
Consortium for Advanced Science and Engineering, The University of Chicago
Mathematics & Computer Science Division, Argonne National Laboratory

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>