Changes

Jump to navigation Jump to search
m
no edit summary
Line 1: Line 1:  
SELinux is protecting the file system, and the host from attack from inside of a container.
 
SELinux is protecting the file system, and the host from attack from inside of a container.
   −
The initial SELinux policy for containers was written for a tool called [https://www.berrange.com/posts/2012/01/17/building-application-sandboxes-with-libvirt-lxc-kvm/ virt-sandbox] that used libvirt to launch containers, specifically it used libvirt-lxc.
+
The initial SELinux policy for containers was written for a tool called [https://www.berrange.com/posts/2012/01/17/building-application-sandboxes-with-libvirt-lxc-kvm/ virt-sandbox], which used libvirt, specifically libvirt-lxc, to launch containers. This first type was called <code>svirt_lxc_t</code> and it is not allowed to have network access.
This first type was called <code>svirt_lxc_t</code> and it is not allowed to have network access.
   
The successor of <code>svirt_lxc_t</code> is called <code>svirt_lxc_net_t</code> and allows full network access.
 
The successor of <code>svirt_lxc_t</code> is called <code>svirt_lxc_net_t</code> and allows full network access.
 
The type for content that the <code>svirt_lxc</code> types could manage is named <code>svirt_sandbox_file_t</code>.
 
The type for content that the <code>svirt_lxc</code> types could manage is named <code>svirt_sandbox_file_t</code>.
327

edits

Navigation menu