Add support for SELinux type label setting in Kubernetes executor
What does this MR do?
Add SELinuxType option to the Kubernetes executor configuration.
Why was this MR needed?
GitLab CI is used in a variety of ways, some of which build or run containers as part of the job. Doing so inside a pod requires giving it a more privileged type label such as spc_t.
https://www.redhat.com/sysadmin/podman-inside-kubernetes https://www.redhat.com/sysadmin/podman-inside-container
Currently, it's not possible to do so. The alternative is to set the privileged flag on the Pod (or one of its containers), which unlocks everything to the processes inside.
What's the best way to test this MR?
New test cases.
What are the relevant issue numbers?
close #28050 (closed)
Edited by Romuald Atchadé
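The two approaches the description contrasts, shown as an added example at the Kubernetes Pod level (not part of the MR and not the runner's own configuration syntax). Pod names and the image are constructed placeholders; `privileged` and `seLinuxOptions.type` are standard Kubernetes security context fields.

```yaml
# Constructed manifests for comparison; names and image are placeholders.

# Option A: privileged container.
# Removes SELinux confinement and also grants all capabilities and
# host device access to the processes in the container.
apiVersion: v1
kind: Pod
metadata:
  name: build-privileged
spec:
  containers:
    - name: build
      image: registry.example.com/builder:latest
      securityContext:
        privileged: true
---
# Option B: only the SELinux type label is relaxed.
# The container runs as spc_t, while the runtime's default capability set,
# seccomp profile and device restrictions stay in place.
apiVersion: v1
kind: Pod
metadata:
  name: build-spc-t
spec:
  securityContext:
    seLinuxOptions:
      type: spc_t
  containers:
    - name: build
      image: registry.example.com/builder:latest
      securityContext:
        privileged: false
```

When reviewing a cluster, `kubectl get pod <name> -o yaml` shows which of the two settings a job pod was actually created with.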