Flatcar support on SELinux
OneAgent can now be deployed on Flatcar. However, due to certain limitations with how SELinux operates on this operating system, you need to address the following configuration constraints:
- Flatcar operates on a read-only filesystem. As a result, if you intend to use SELinux with OneAgent, it requires a specific configuration. For more information about container compatibility with SELinux policy, see the following Flatcar documentation: Check a container’s compatibility with SELinux policy.
- Use a default path to install OneAgent with SELinux enabled.
- By default, Flatcar uses the Multi-Category Security (MCS) policy. To ensure compatibility, you need to change this setting to the
targetedpolicy in the/etc/selinux/configfile.SELINUXTYPE=targeted