SELinux policy interfering with kaniko #981

bcressey · 2020-07-10T02:58:20Z

What I expected to happen:
Kaniko should be able to run.

What actually happened:
Kaniko fails with a "permission denied" error.

How to reproduce the problem:

$ kubectl run -it --image gcr.io/kaniko-project/executor:debug-v0.19.0 test --restart Never --rm --command /busybox/sh
standard_init_linux.go:211: exec user process caused "permission denied"
pod "test" deleted
pod default/test terminated (Error)

A denial is logged for the entrypoint action.

[ 2665.498681] audit: type=1400 audit(1594349602.727:3): avc:  denied  { entrypoint } for  pid=54919 comm="runc:[2:INIT]" path="/busybox/busybox" dev="nvme1n1p1" ino=1062349 scontext=system_u:system_r:container_t:s0 tcontext=system_u:object_r:cache_t:s0 tclass=file permissive=0

The text was updated successfully, but these errors were encountered:

bcressey self-assigned this Jul 10, 2020

bcressey mentioned this issue Jul 10, 2020

fix CSI drivers and kaniko #983

Merged

bcressey added the type/bug Something isn't working label Jul 10, 2020

bcressey added this to the v0.4.1 milestone Jul 10, 2020

bcressey linked a pull request Jul 10, 2020 that will close this issue

fix CSI drivers and kaniko #983

Merged

bcressey closed this as completed in #983 Jul 10, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SELinux policy interfering with kaniko #981

SELinux policy interfering with kaniko #981

bcressey commented Jul 10, 2020

SELinux policy interfering with kaniko #981

SELinux policy interfering with kaniko #981

Comments

bcressey commented Jul 10, 2020