Skip to content

kubewarden/selinux-psp-policy

BranchesTags

Repository files navigation

Kubewarden Policy Repository Stable

Kubewarden policy psp-selinux

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux in the pod security context and on containers, init containers and ephemeral containers. This policy will inspect the .spec.securityContext.seLinuxOptions of the pod if the container has no specific .spec.securityContext.seLinuxOptions. In other words, the seLinuxOptions of the container, init container and ephemeral containers take precendence over the pod seLinuxOptions, if any.

Settings

This policy works by defining what seLinuxOptions can be set at the pod level and at the container level.

One of the following setting keys are accepted for this policy:

  • MustRunAs: contains the desired value for the seLinuxOptions parameter. If the pod does not contain a .securityContext, or a .securityContext.seLinuxOptions, then this policy acts as mutating and defaults the seLinuxOptions attribute to the one provided in the configuration. In all cases, pod containers, init container and ephemeral containers .seLinuxOptions are checked for compatibility if they override the Pod Security Context seLinuxOptions value.
  • RunAsAny: always accepts the request.

Configuration examples:

rule: RunAsAny
rule: MustRunAs
user: user
role: role
type: type
level: s0:c0,c6

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux

kubewarden.io

Topics

kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

4 forks
Report repository

Releases 21

v1.0.6 Latest
Nov 13, 2025
+ 20 releases

Packages

 
 
 

Contributors 11

Languages