
Support SELinux: --security-opt label

Open • fengwei0328 opened this issue 1 month ago • 1 comment

What is the problem you're trying to solve

Security flags:

🐳 --security-opt seccomp=<PROFILE_JSON_FILE>: specify custom seccomp profile
🐳 --security-opt apparmor=<PROFILE>: specify custom AppArmor profile
🐳 --security-opt no-new-privileges: disallow privilege escalation, e.g., setuid and file capabilities
🐳 --security-opt systempaths=unconfined: Turn off confinement for system paths (masked paths, read-only paths) for the container
🐳 --security-opt writable-cgroups: making the cgroups writeable
🤓 --security-opt privileged-without-host-devices: Don't pass host devices to privileged containers

nerdctl has always lacked SELinux-related labels: similar to Docker's --security-opt label

Describe the solution you'd like

The function and fields are similar to: Docker's --security-opt label

Additional context

No response

fengwei0328, Nov 20 '25 12:11

https://github.com/containerd/nerdctl/pull/4639 will fix

ningmingxiao, Dec 06 '25 15:12