Skip to content
/ selinux-psp-policy Public

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux

kubewarden.io

License

Apache-2.0 license
1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kubewarden/selinux-psp-policy

3 Branches14 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

viccuadviccuad
Merge pull request #102 from kubewarden/renovate/all-minor-patch
Mar 3, 2025
7fbce08 · Mar 3, 2025

History

215 Commits
.github/workflows
.github/workflows
Mar 3, 2025
src
src
Aug 31, 2023
test_data
test_data
Nov 18, 2021
.gitignore
.gitignore
Jan 26, 2022
CODEOWNERS
CODEOWNERS
Feb 7, 2022
CONTRIBUTING.md
CONTRIBUTING.md
Oct 25, 2023
Cargo.lock
Cargo.lock
Mar 3, 2025
Cargo.toml
Cargo.toml
Feb 10, 2025
LICENSE
LICENSE
Nov 18, 2021
Makefile
Makefile
Jun 5, 2024
README.md
README.md
May 31, 2024
artifacthub-pkg.yml
artifacthub-pkg.yml
Oct 16, 2023
artifacthub-repo.yml
artifacthub-repo.yml
Jul 19, 2022
hub.yml
hub.yml
Dec 3, 2021
metadata.yml
metadata.yml
Jul 7, 2023
questions-ui.yml
questions-ui.yml
Mar 16, 2023
renovate.json
renovate.json
Feb 10, 2022

Repository files navigation

Kubewarden Policy Repository Stable

Kubewarden policy psp-selinux

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux in the pod security context and on containers, init containers and ephemeral containers. This policy will inspect the .spec.securityContext.seLinuxOptions of the pod if the container has no specific .spec.securityContext.seLinuxOptions. In other words, the seLinuxOptions of the container, init container and ephemeral containers take precendence over the pod seLinuxOptions, if any.

Settings

This policy works by defining what seLinuxOptions can be set at the pod level and at the container level.

One of the following setting keys are accepted for this policy:

  • MustRunAs: contains the desired value for the seLinuxOptions parameter. If the pod does not contain a .securityContext, or a .securityContext.seLinuxOptions, then this policy acts as mutating and defaults the seLinuxOptions attribute to the one provided in the configuration. In all cases, pod containers, init container and ephemeral containers .seLinuxOptions are checked for compatibility if they override the Pod Security Context seLinuxOptions value.
  • RunAsAny: always accepts the request.

Configuration examples:

rule: RunAsAny
rule: MustRunAs
user: user
role: role
type: type
level: s0:c0,c6

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux

kubewarden.io

Topics

kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

3 forks
Report repository

Releases 14

Release v0.1.12 Latest
Jul 11, 2023
+ 13 releases

Packages 2

Contributors 9

Languages