A Kubernetes policy replacement for Pod Security Policy that enforces and controls SELinux usage in pod and container security contexts.
Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux
This policy enforces SELinux security context settings on Kubernetes pods, containers, init containers, and ephemeral containers, so that every workload admitted to the cluster complies with the SELinux options the administrator has defined. Kubernetes administrators and security engineers use it to replace the deprecated Pod Security Policy and to automate SELinux enforcement for cluster workloads.
The policy settings must be configured correctly, or pod admission will fail. When the rule is set to MustRunAs it acts as a mutating policy, so administrators should make sure the configured default SELinux context is appropriate for their workloads. It is designed to run within the Kubewarden framework.
Settings for accepting any SELinux options without restriction:

  rule: RunAsAny

Settings for enforcing specific SELinux options; pods that set none are mutated to carry these defaults:

  rule: MustRunAs
  user: user
  role: role
  type: type
  level: s0:c0,c6
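The following is an added example, not the Kubewarden policy's own code: a simplified model of the admission decision the two settings above describe, run over a constructed pod manifest. It assumes that under MustRunAs a pod-level securityContext without seLinuxOptions is mutated to carry the configured defaults, while any seLinuxOptions explicitly set at pod or container level must match them exactly.

```python
import copy

# Constructed settings, mirroring the two configurations shown above.
RUN_AS_ANY = {"rule": "RunAsAny"}
MUST_RUN_AS = {"rule": "MustRunAs", "user": "user", "role": "role",
               "type": "type", "level": "s0:c0,c6"}

# Constructed pod manifests (only the fields the policy inspects).
POD_NO_OPTIONS = {"spec": {"containers": [{"name": "app"}]}}
POD_MISMATCH = {"spec": {
    "securityContext": {"seLinuxOptions": {"user": "user", "role": "role",
                                           "type": "type", "level": "s0:c0,c6"}},
    "containers": [{"name": "app"}],
    "initContainers": [{"name": "init", "securityContext": {
        "seLinuxOptions": {"user": "user", "role": "role",
                           "type": "type", "level": "s0"}}}],
}}

CONTAINER_KINDS = ("containers", "initContainers", "ephemeralContainers")


def _matches(opts, expected):
    """True when every configured SELinux field is present with the expected value."""
    return all(opts.get(k) == v for k, v in expected.items())


def evaluate(settings, pod):
    """Return (accepted, possibly mutated pod, list of violations) for one pod."""
    pod = copy.deepcopy(pod)
    if settings.get("rule") == "RunAsAny":
        return True, pod, []          # accept unchanged, nothing to enforce
    expected = {k: settings[k] for k in ("user", "role", "type", "level")
                if k in settings}
    errors = []
    spec = pod["spec"]
    sc = spec.setdefault("securityContext", {})
    if sc.get("seLinuxOptions") is None:
        sc["seLinuxOptions"] = dict(expected)   # mutate: apply the defaults
    elif not _matches(sc["seLinuxOptions"], expected):
        errors.append("pod securityContext seLinuxOptions do not match policy")
    # Containers of every kind must not override the enforced context.
    for kind in CONTAINER_KINDS:
        for c in spec.get(kind, []):
            opts = (c.get("securityContext") or {}).get("seLinuxOptions")
            if opts is not None and not _matches(opts, expected):
                errors.append(f"{kind}/{c['name']}: seLinuxOptions do not match policy")
    return not errors, pod, errors
```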