From cc7a609866b114d2a2cf29ec9ee63935486f69d4 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 11 May 2022 00:51:12 +0200
Subject: [PATCH] fix(drivers): Make AMD drivers run as Super Privileged Containers

In order to make the amd drivers deployment SELinux aware, this patch sets SELinux `type` to `spc_t`, which allows the container to access the target paths and install the driver as intended.
---
 infrastructure/drivers/amd-gpu.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/infrastructure/drivers/amd-gpu.yaml b/infrastructure/drivers/amd-gpu.yaml
index 81ddd3806..16c265055 100644
--- a/infrastructure/drivers/amd-gpu.yaml
+++ b/infrastructure/drivers/amd-gpu.yaml
@@ -26,3 +26,10 @@ spec:
 interval: 5m
 values:
 namespace: drivers-system
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seLinuxOptions:
+ type: spc_t
-- 
GitLab
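Review bot: `type: spc_t` under `seLinuxOptions`, the last added line, puts the driver container in an SELinux domain that is essentially unconfined, and nothing in the file records why that is needed or which host paths it is for. The `allowPrivilegeEscalation: false` and `drop: ALL` lines above it are the right counterweight, but they only help if the chart behind these `values` (this looks like a Helm release; the templates are not visible here) applies the whole `securityContext` to the driver container. Indentation is flattened in this view, so confirm from the rendered manifest, for example `helm template` output, that all three settings land at container level. I would add a comment above the block such as `# spc_t: driver installer writes to host paths that container_t is denied; replace with a scoped SELinux type when one exists` and track narrowing the type as follow-up. The `spec` mapping starts before the hunk.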