Changes

SELinux is protecting the file system, and the host from attack from inside of a container.

SELinux is protecting the file system, and the host from attack from inside of a container.

The initial SELinux policy for containers was written for a tool called virt-sandbox that used libvirt to launch containers, specifically it used libvirt-lxc.

The initial SELinux policy for containers was written for a tool called [https://www.berrange.com/posts/2012/01/17/building-application-sandboxes-with-libvirt-lxc-kvm/ virt-sandbox] that used libvirt to launch containers, specifically it used libvirt-lxc.

This first type was called <code>svirt_lxc_t</code> and it is not allowed to have network access.

This first type was called <code>svirt_lxc_t</code> and it is not allowed to have network access.

The successor of <code>svirt_lxc_t</code> is called <code>svirt_lxc_net_t</code> and allows full network access.

The successor of <code>svirt_lxc_t</code> is called <code>svirt_lxc_net_t</code> and allows full network access.