Node_exporter with SELinux on CoreOS

genebean · October 29, 2024, 1:07am

Anyone have any tips on how to make a containerized Prometheus node_exporter (run as a DaemonSet in k8s) to work well with CoreOS with SELinux enabled

augenauf · October 29, 2024, 9:25am

Added selinux

augenauf · October 29, 2024, 9:26am

Added container

siosm · October 29, 2024, 11:23am

What kind of issues are you having? You will likely have to run the DaemonSet as a privileged container to get access to all the information from the host.

genebean · October 29, 2024, 11:57am

Lots of permission denied by SELinux when trying to do things like access file systems under /host/proc. I was really hoping there was a pre-made policy somewhere for it a la what it seem Gentoo has (https://packages.gentoo.org/packages/sec-policy/selinux-node_exporter) so that I don’t have to use a privileged pod.

Topic		Replies	Views
Selinux podman fedora server 40 Ask Fedora podman , selinux , server , f40	5	488	July 12, 2024
Permissioned Denied, Unable to install packages using Docker Build in CoreOS Ask Fedora docker , coreos	7	2399	April 7, 2022
SELinux preventing read on files copied during Docker build Ask Fedora docker , selinux , coreos	1	483	January 24, 2023
Documentation Suggestions for Podman SElinux Cockpit Ask Fedora	6	1984	April 24, 2020
Errors running podman containers on Fedora IoT 35 Ask Fedora f35 , selinux , iot	10	2084	December 19, 2021

Node_exporter with SELinux on CoreOS

Related topics