From 087e57d25f55e88ba1cd112595da7ede6592b773 Mon Sep 17 00:00:00 2001
From: Andrei Kvapil
Date: Fri, 3 Jan 2025 11:30:28 +0100
Subject: [PATCH] add: disable-selinux workaround
Signed-off-by: Andrei Kvapil
---
.../templates/disable-selinux-workaround.yaml | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 packages/system/kubevirt/templates/disable-selinux-workaround.yaml
diff --git a/packages/system/kubevirt/templates/disable-selinux-workaround.yaml b/packages/system/kubevirt/templates/disable-selinux-workaround.yaml
new file mode 100644
index 00000000..c096dce9
--- /dev/null
+++ b/packages/system/kubevirt/templates/disable-selinux-workaround.yaml
@@ -0,0 +1,41 @@
+# See:
+# - https://github.com/siderolabs/talos/issues/10083
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: disable-selinux
+ namespace: cozy-kubevirt
+ labels:
+ app: disable-selinux
+spec:
+ selector:
+ matchLabels:
+ app: disable-selinux
+ template:
+ metadata:
+ labels:
+ app: disable-selinux
+ spec:
+ containers:
+ - command:
+ - sh
+ - -exc
+ - test -f /host/sys/fs/selinux/enforce && mount -t tmpfs tmpfs /host/sys/fs/selinux; sleep infinity
+ image: docker.io/library/alpine
+ name: mount
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /host
+ mountPropagation: Bidirectional
+ name: host-root
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ tolerations:
+ - operator: Exists
+ volumes:
+ - hostPath:
+ path: /
+ name: host-root
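Review bot: The `mount` container runs `privileged: true` with the host root mounted `Bidirectional`, and the `operator: Exists` toleration schedules it onto every node, yet `image: docker.io/library/alpine` carries no tag or digest, so whatever that reference resolves to at pull time gets full node access; pin it, e.g. `image: docker.io/library/alpine:<tag>@sha256:<digest>` (placeholders). `hostIPC: true`, `hostNetwork: true` and `hostPID: true` do not look necessary for the single `mount` call and could be dropped, and the `hostPath` could probably be narrowed from `/` to the sysfs subtree being covered. The header comment only links the Talos issue; it would help to add something like `# Covers selinuxfs with an empty tmpfs so the node reports SELinux as absent; the mount propagates to the host and presumably stays after this DaemonSet is deleted`.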