SELinux for LXC Container
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 8 14:12:14 UTC 2012
On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> Hi Daniel, Thanks for the reply. I tried out LXC sf.net
> for creating containers.
>
> According to the following link, RHEL 6.2 will support LXC libvirt
> API.
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
>
>
> It further says, Linux Containers are just a Technology Preview. Will
> RHEL provide libvirt lxc integrated with its future releases?
We hope to.
> And, if I want to work with containers for the long term using RHEL, will
> I need to shift to libvirt LXC?
Yes
> As of now, from where can I download the libvirt LXC?
>
That the other Daniel will need to answer...
> Thanks, Shweta
>
>
>
>
> On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange
> <berrange at redhat.com> wrote:
>
> On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
>> Hi everyone, I am interested in the security aspects of LXC. How
>> can we use SELinux to secure LXC containers? Any information will
>> be very helpful.
>
> I recently posted patches to libvirt, which extend the sVirt
> support from KVM, to also cover our LXC driver. This will ensure
> strict confinement of LXC containers using SELinux.
>
> https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html
>
> Fedora 17 policy is being enhanced to support this at the same
> time.
>
> NB, this only applies to the libvirt LXC userspace driver, which
> is completely separate from the LXC sf.net userspace.
>
> Regards, Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
>