Hey all,

With CVE-2019-5736 dropping today, I thought it would be a good opportunity to poke about the current state of SELinux support in Kolla. The docs have said it is a work in progress since the Mitaka release at least. I did find a spec that was marked as completed, but I am not aware that there is yet any support and I see that the baremetal role still forces SELinux to "permissive" by default.

Is anybody currently working on this or is there an updated spec/blueprint to track the development here? I am no SELinux expert by any means, but this feels like an important thing to address, particularly if Docker has made it easier to label bind mounts.

Thanks!


Jason Anderson

Cloud Computing Software Developer
Consortium for Advanced Science and Engineering, The University of Chicago
Mathematics & Computer Science Division, Argonne National Laboratory