Exclude kubelet daemon is running in unconfined_t

Solution Verified - Updated -

Issue

  • The rhcos4-selinux-confinement-of-daemons rule has been disabled in the 4.12.26 release, which means that any daemon could be running in unconfined_t without failing a compliance check.
  • For the user this is not an operational issue but a security concern: the rule has been fully disabled rather than fixed to allow kubelet to run in unconfined_t.

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4.12.x
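
While the rule is disabled, the condition described under Issue can be checked by hand. The script below is an added example, not Red Hat's or the Compliance Operator's rule content: it reads `ps -eZ` output and reports processes in unconfined_t other than kubelet. The allowlist, the "no controlling TTY means daemon" heuristic, and the sample data are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Report daemons running in the SELinux domain unconfined_t, except an allowlist.
# Input on stdin: lines in `ps -eZ` format (LABEL PID TTY TIME CMD).
# On a node: ps -eZ | find_unconfined

# Assumption: kubelet is the only accepted exception (space-separated list).
ALLOWED_CMDS="kubelet"

find_unconfined() {
    awk -v allow="$ALLOWED_CMDS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "LABEL" { next }      # skip the ps header line
        $3 != "?" { next }                     # heuristic: has a TTY, so not a daemon
        {
            split($1, ctx, ":")                # label is user:role:type:level[:cats]
            if (ctx[3] == "unconfined_t" && !($5 in ok))
                printf "%s %s %s\n", $2, $5, $1    # PID, command, full label
        }'
}

# Constructed sample data (not captured from a real node).
SAMPLE='LABEL                               PID TTY          TIME CMD
system_u:system_r:init_t:s0           1 ?        00:00:09 systemd
system_u:system_r:unconfined_t:s0  2101 ?        00:12:44 kubelet
system_u:system_r:unconfined_t:s0  3377 ?        00:00:02 custom-agent
system_u:system_r:container_runtime_t:s0 1880 ? 00:03:10 crio
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4120 pts/0 00:00:00 bash'

# Run the check over the sample; empty output would mean nothing to report.
check_sample() {
    printf '%s\n' "$SAMPLE" | find_unconfined
}
```

Each output line is `PID command label`; with the sample above only `custom-agent` is reported, because kubelet is allowlisted and the `bash` session has a controlling terminal.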
