SELinux blocks audit logs by default #692
Comments
@dweomer let's see if we can squeeze this into 1.20.3 for RKE2. We aren't releasing rke2 1.20 until late Feb, so you have most of next week to fit this in.
Added working label as it's being actively worked on.
While this most likely is just tied to an selinux policy rpm release (and not necessarily an RKE2 release) I'm targeting a fix for this by mid-May (hence the 1.20.7 milestone). We will attempt to get this in by mid-May.
Resolved in master of rke2-selinux via PR rancher/rke2-selinux#17
Validated in rke2 version v1.21.1-rc1+rke2r1 on CentOS 8.2 with selinux enabled, cis enabled cluster
With Policy set to log event metadata, request and response bodies
Snippet from the logs
Tagged v0.7.testing.1 in rke2-selinux - will retag in other channels shortly.
Installing RKE2 in RHEL 8,
/etc/rancher/rke2/config.yaml
and
/etc/rancher/rke2/audit-policy.yaml:
Once the service is started, audit logs do not get populated. I get errors in the Kubernetes-apiserver pods and audit.log
crictl logs:
/var/log/audit/audit.log:
Workaround I've done is using audit2allow to create a policy to allow: