[systemd-devel] SElinux in container

Michał Zegan webczat_200 at poczta.onet.pl
Sun Aug 23 05:12:21 PDT 2015


Unfortunately, SELinux is not namespace/whatever aware and such a setup 
is not possible. Unless I suddenly became wrong in this area.

On 23.08.2015 at 14:10, arnaud gaboury wrote:
> Here is my setup:
>
> Host:  Archlinux systemd 224-1
> Container: Fedora 22 systemd 219
>
> The container is a server and has vocation to be one day deployed on a
> dedicated server for production. In this way, I would like to set
> SElinux (default in Fedora). Unfortunately, doing it in Arch host is
> not a trivial affair and as host is a desktop, I would like to avoid.
>
> For now, SElinux is enabled in the kernel but disabled at boot with selinux=0.
>
> Is there any way to enable and configure SElinux only in the
> container? Looking at capabilities(7) did not give me any hints. As a
> side note, CAP_SYS_MODULE does not work for container. I guess it is
> due to systemd 219 on the container?
>
> Thank you.
>


