make SELinux enforcing status configurable #47
Labels
area/os
Operation system related
kind/enhancement
Enhancement, improvement, extension
lifecycle/rotten
Nobody worked on this for 12 months (final aging stage)
os/garden-linux
Related to Garden Linux OS
priority/4
Priority (lower number equals higher priority)
How to categorize this issue?
/area os
/kind enhancement
/priority 4
/os garden-linux
What would you like to be added:
Future releases of GardenLinux will come with SELinux tools and policies (packages
selinux-basics
andselinux-policy-default
). Having these packages in Garden Linux will make the system capable of enforcing SELinux policies but by default, SELinux will be in permissive mode.It should be possible to enable SELinux (i.e. set it to enforcing) individually for shoots or worker pools through the this OS extension.
Why is this needed:
Some workloads might require SELinux and some workloads might fail on worker nodes that have SELinux enabled. For those, it should be possible to enable/disable SELinux for individual shoots or even for worker pools.
The text was updated successfully, but these errors were encountered: