Comments (6)
We probably should handle this in opencontainers/selinux, but the benefit of SELinux and Containers falls quite a bit without MCS/MLS Container Separation. We rely on the fourth field to keep containers separate. Is there a targeted policy available for Gentoo that supports the MCS/MLS Field?
from selinux.
Patch to allow you to use selinux on non MCS machines #25
from selinux.
@rhatdan Oh, thank you for the quick reply and advice.
Is there a targeted policy available for Gentoo that supports the MCS/MLS Field?
Currently no, probably. I've confirmed the fourth field is present with mls settings and disappears with targeted settings. Though I can do it myself manually, I don't think it is a good idea. I'd like to communicate with the Gentoo SELinux project team about this topic and the benefit of container separation with the MLS/MCS field in targeted mode.
Lastly, thank you again for the quick action to fix it!!
from selinux.
Could you apply the patches to your podman to see if it actually fixes your issue?
from selinux.
Works fine. Thanks!!
from selinux.
This issue is fixed.
from selinux.
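To illustrate the first comment's point that the fourth label field is what keeps containers apart, here is an added Go example (not code from opencontainers/selinux or from this thread) that extracts the MCS categories from a context and checks whether two container labels are separated. The function names and the sample labels are constructed for illustration, and the check is a simplified model that assumes both labels share one sensitivity and treats two labels as separated when neither category set contains the other.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// categories returns the MCS category set of a context of the form
// user:role:type:sensitivity[:categories]; ok is false without a fourth field.
func categories(ctx string) (set map[int]bool, ok bool) {
	f := strings.SplitN(ctx, ":", 5)
	if len(f) < 4 || f[3] == "" {
		return nil, false
	}
	set = map[int]bool{}
	for _, item := range strings.Split(strings.Join(f[4:], ""), ",") {
		r := strings.SplitN(item, ".", 2) // "c5.c7" is the range c5..c7
		lo, errLo := strconv.Atoi(strings.TrimPrefix(r[0], "c"))
		hi, errHi := strconv.Atoi(strings.TrimPrefix(r[len(r)-1], "c"))
		if errLo != nil || errHi != nil {
			continue // no category part, or a malformed item
		}
		for c := lo; c <= hi; c++ {
			set[c] = true
		}
	}
	return set, true
}

// subset reports whether every category in a is also in b.
func subset(a, b map[int]bool) bool {
	for c := range a {
		if !b[c] {
			return false
		}
	}
	return true
}

// Separated is true only if both labels carry MCS and neither dominates.
func Separated(ctxA, ctxB string) bool {
	a, okA := categories(ctxA)
	b, okB := categories(ctxB)
	return okA && okB && !subset(a, b) && !subset(b, a)
}

func main() {
	fmt.Println(Separated("system_u:system_r:container_t:s0:c12,c34", "system_u:system_r:container_t:s0:c56,c78"))
}
```

With three-field labels, as on the targeted policy described above, `Separated` always returns false because the labels have no categories to compare.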