Changes

m
no edit summary
Line 1: Line 1:  
SELinux is protecting the file system, and the host from attack from inside of a container.
 
SELinux is protecting the file system, and the host from attack from inside of a container.
   −
The initial SELinux policy for containers was written for a tool called virt-sandbox that used libvirt to launch containers, specifically it used libvirt-lxc.
+
The initial SELinux policy for containers was written for a tool called [https://www.berrange.com/posts/2012/01/17/building-application-sandboxes-with-libvirt-lxc-kvm/ virt-sandbox] that used libvirt to launch containers, specifically it used libvirt-lxc.
 
This first type was called <code>svirt_lxc_t</code> and it is not allowed to have network access.
 
This first type was called <code>svirt_lxc_t</code> and it is not allowed to have network access.
 
The successor of <code>svirt_lxc_t</code> is called <code>svirt_lxc_net_t</code> and allows full network access.
 
The successor of <code>svirt_lxc_t</code> is called <code>svirt_lxc_net_t</code> and allows full network access.
332

edits