From cc7a609866b114d2a2cf29ec9ee63935486f69d4 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 11 May 2022 00:51:12 +0200
Subject: [PATCH] fix(drivers): Make AMD drivers run as Super Privileged
 Containers

To make the AMD driver deployment SELinux-aware, this patch
sets the SELinux `type` to `spc_t`, which allows the container to access the
target paths and install the driver as intended.
---
 infrastructure/drivers/amd-gpu.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/infrastructure/drivers/amd-gpu.yaml b/infrastructure/drivers/amd-gpu.yaml
index 81ddd3806..16c265055 100644
--- a/infrastructure/drivers/amd-gpu.yaml
+++ b/infrastructure/drivers/amd-gpu.yaml
@@ -26,3 +26,10 @@ spec:
   interval: 5m
   values:
     namespace: drivers-system
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      seLinuxOptions:
+        type: spc_t
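Review bot: `seLinuxOptions.type: spc_t` at the end of the added `securityContext` runs the container in an unconfined SELinux domain, and nothing in the values file records why that is needed or what it gives up. With `spc_t` in place, the only confinement left in this block is the dropped capabilities and `allowPrivilegeEscalation: false`. A comment above the key would protect those two settings from later loosening, e.g. `# spc_t: unconfined SELinux domain, required so the installer can reach the driver target paths; keep capabilities dropped`. Whether the chart applies this block at container or pod level is not visible here, and the `values:` mapping starts outside the hunk. If the chart passes the block through unchanged, adding `seccompProfile: {type: RuntimeDefault}` would be cheap, and a dedicated SELinux type limited to the driver paths would be a tighter long-term replacement for `spc_t`.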
-- 
GitLab