
Add support SELinux type label setting in Kubernetes executor

Omar Aloraini requested to merge ooraini/gitlab-runner:main into main

What does this MR do?

Add SELinuxType option to the Kubernetes executor configuration.

Why was this MR needed?

GitLab CI is used in a variety of ways, some of which build or run containers as part of the job. Doing so inside a pod requires giving it a more privileged type label such as spc_t.

https://www.redhat.com/sysadmin/podman-inside-kubernetes

https://www.redhat.com/sysadmin/podman-inside-container

Currently, it's not possible to do so. The alternative is to set the privileged flag on the Pod (or one of its containers), which unlocks everything to the processes inside.

What's the best way to test this MR?

New test cases.

What are the relevant issue numbers?

close #28050 (closed)

Edited by Romuald Atchadé
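
The two settings contrasted in the description, as an added example that is not part of the merge request: constructed Kubernetes manifests showing the `privileged` flag beside a pod `securityContext` that only changes the SELinux type to `spc_t`. Pod names and the image are placeholders, and how the runner's SELinuxType option maps onto this field is an assumption, since the MR diff is not shown on this page.

```yaml
# Constructed manifests for illustration; names and image are placeholders.

# Alternative named in the description: a privileged container.
# This removes SELinux confinement and also grants every capability,
# host device access, and disables the seccomp/AppArmor defaults.
apiVersion: v1
kind: Pod
metadata:
  name: build-privileged            # hypothetical name
spec:
  containers:
    - name: build
      image: registry.example.com/builder:latest   # placeholder image
      securityContext:
        privileged: true
---
# Narrower setting: change only the SELinux type label.
# Capabilities, seccomp and device access stay at the runtime defaults.
apiVersion: v1
kind: Pod
metadata:
  name: build-spc-t                 # hypothetical name
spec:
  securityContext:
    seLinuxOptions:
      type: spc_t                   # pod-level: applies to all containers
  containers:
    - name: build
      image: registry.example.com/builder:latest   # placeholder image
      securityContext:
        privileged: false           # explicit: no privileged flag needed
```

To confirm which of the two a job pod actually received, `kubectl get pod <name> -o jsonpath='{.spec.securityContext.seLinuxOptions.type}'` returns the requested type, and the same query on `.spec.containers[*].securityContext.privileged` shows whether the privileged flag is set.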
