Hey all, With CVE-2019-5736<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736> dropping today, I thought it would be a good opportunity to poke about the current state of SELinux support in Kolla. The docs<https://docs.openstack.org/kolla-ansible/rocky/user/security.html> have said it is a work in progress since the Mitaka release at least. I did find a spec<https://blueprints.launchpad.net/kolla/+spec/enable-selinux> that was marked as completed, but I am not aware that there is yet any support and I see that the baremetal role still forces SELinux to "permissive" by default. Is anybody currently working on this or is there an update spec/blueprint to track the development here? I am no SELinux expert by any means but this feels like an important thing to address, particularly if Docker has made it easier to label bind mounts<https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label>. Thanks! Jason Anderson Cloud Computing Software Developer Consortium for Advanced Science and Engineering, The University of Chicago Mathematics & Computer Science Division, Argonne National Laboratory -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190212/5312c96e/attachment.html>