Integrate SELinux policies from DGX
qhaas opened this issue · 2 comments
The dgx-selinux project has dgx-2 RHEL7-specific policies for NVIDIA containers that have been leveraged by the community for other platforms.
It would be useful to make these policies more general to cover non-DGX2 environments and RHEL8 such that one less barrier to achieving features like rootless podman with GPU support (Issue #85) can be realized.
The recently added NVIDIA documentation for podman with GPU support only mentions SELinux guidance for RHEL7 and suggests simply using `--security-opt=label=disable`; it does not seem to mention the SELinux policies from the dgx-selinux project mentioned above.
@qhaas I'm triaging the issues in this repo.
If there are concrete steps that you can propose to make the SELinux experience more seamless, please open a new issue against the https://github.com/NVIDIA/nvidia-container-toolkit project.
Note that in the medium to long term, the use of CDI will address many of the issues with running rootless containers, but may still require some additional steps to get the UX right.