Document change to K3s SELinux option#2686
Conversation
|
@ShylajaDevadiga can you review this for k3s v1.19.1 release? I think we may need to call out k3s-io/k3s#2058 (comment) do you have information on this and if so could briefly post what this needs in docs? |
| {{%/tab%}} | ||
| {{% tab "K3s prior to v1.19.1+k3s1" %}} | ||
|
|
||
| You can turn off SELinux enforcement in the embedded containerd by launching K3s with the `--disable-selinux` flag. |
There was a problem hiding this comment.
We do not have --disable-selinux flag instead use --selinux=false or skip selinux flag which does not enable selinux
There was a problem hiding this comment.
This tab is saying that the --disable-selinux flag was used in older versions than v1.19.x. This tab won't show by default. is that OK?
There was a problem hiding this comment.
Sounds good @catherineluse Thanks
| {{% tabs %}} | ||
| {{% tab "K3s v1.19.1+k3s1" %}} | ||
|
|
||
| To leverage experimental SELinux, specify the `--selinux` flag when starting K3s servers and agents. |
There was a problem hiding this comment.
Can we explicitly say, not passing the flag would have selinux in disabled mode
There was a problem hiding this comment.
Hmm. In my opinion this is probably fine as it is.
There was a problem hiding this comment.
I'll leave this sentence as is because @dweomer clarified it in his suggestion as well
| ``` | ||
| {{%/tab%}} | ||
| {{% tab "K3s prior to v1.19.1+k3s1" %}} | ||
|
|
There was a problem hiding this comment.
As suggested, https://github.com/rancher/docs/pull/2686/files#r489578963, mentioning the --selinux flag without mentioning the conflict with --disable-selinux will likely lead to confusion and error. Additionally we should note for users that --disable-selinux is deprecated and will be either ignored or simply unrecognized, resulting in an error, in future minor releases.
There was a problem hiding this comment.
Added the info to the K3s v1.19+ tab:
The
--disable-selinuxoption should not be used. It is deprecated and will be either ignored or will be unrecognized, resulting in an error, in future minor releases.
…ags are used Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
|
This seems somewhat related. A community member made this change to the same section: #2538 Should that change be included here? |
|
I also updated it to say a custom
|
|
LGTM |
4 participants
This PR addresses this issue k3s-io/k3s#2247 and it's related to this issue k3s-io/k3s#2058