Skip to content

fix(kubevirt): use container_kvm_t SELinux type for hp pods for security compliance #1665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

fix(kubevirt): use container_kvm_t SELinux type for hp pods for security compliance #1665

wants to merge 2 commits into from

Conversation

@loktev-d
Copy link
Contributor

@loktev-d loktev-d commented Nov 6, 2025
edited
Loading

Description

Change KubeVirt SELinux launcher type from spc_t to container_kvm_t to comply with Deckhouse baseline pod security policies (D8SeLinux).

Why do we need it, and what problem does it solve?

What is the expected result?

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: kubevirt
type: fix
summary: use container_kvm_t SELinux type for KubeVirt pods for security compliance

@loktev-d
wip
121b9af 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d loktev-d requested review from Isteb4k and fl64 as code owners November 6, 2025 18:14
@loktev-d loktev-d changed the title fix(kubevirt): use container_kvm_t SELinux type for KubeVirt pods for security compliance fix(kubevirt): use container_kvm_t SELinux type for hp pods for security compliance Nov 6, 2025
@loktev-d
add kubevirt branch
88e733f 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d loktev-d marked this pull request as draft November 7, 2025 06:50
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Nov 7, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Nov 7, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Nov 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fl64 fl64 Awaiting requested review from fl64 fl64 is a code owner

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@loktev-d loktev-d

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@loktev-d @deckhouse-BOaTswain