SELinux for LXC Container
Shweta Shinde
shwetasshinde24 at gmail.com
Wed Feb 8 10:27:59 UTC 2012
Hi Daniel,
Thanks for the reply.
I tried out LXC sf.net for creating containers.
According to following link, RHEL 6.2 will support LXC libvirt API.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
It further says, Linux Containers are just a Technology Preview. Will RHEL
provide libvirt lxc integrated with its future releases?
And, if I want to work with container for longterm using RHEL, will I need
to shift to libvirt LXC?
As of now, from where can I download the libvirt LXC.
Thanks,
Shweta
On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange <berrange at redhat.com>wrote:
> On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
> > Hi everyone,
> > I am interested in the security aspects of LXC.
> > How can we use SELinux to secure LXC containers?
> > Any information will be very helpful.
>
> I recently posted patches to libvirt, which extend the sVirt support
> from KVM, to also cover our LXC driver. This will ensure strict
> confinement of LXC containers using SELinux
>
> https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html
>
> Fedora 17 policy is being enhanced to support this at the same time.
>
> NB, this only applies to the libvirt LXC userspace driver, which is
> completely separate from the LXC sf.net userspace.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:|
> |: http://libvirt.org -o- http://virt-manager.org:|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/:|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:|
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120208/53c04afd/attachment.html>
More information about the selinux
mailing list