linuxkit/projects/selinux/selinux.yml

kernel:
  image: mobylinux/kernel-selinux:4.9.x
  cmdline: "console=ttyS0 page_poison=1 security=selinux selinux=1"
init:
  - "mobylinux/init:b5249a412536b4e69f8e1f668680d2ae185cc505"
onboot:
  - name: sysctl
    image: mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c
    net: host
    pid: host
    ipc: host
    capabilities:
     - CAP_SYS_ADMIN
    readonly: true
services:
  - name: rngd
    image: mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9
    capabilities:
     - CAP_SYS_ADMIN
    oomScoreAdj: -800
    readonly: true