SELinux for LXC Container

Daniel J Walsh dwalsh at redhat.com
Wed Feb 8 14:12:14 UTC 2012


On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> Hi Daniel, Thanks for the reply. I tried out LXC sf.net
> <http://sf.net> for creating containers.
> 
> According to following link, RHEL 6.2 will support LXC libvirt
> API.
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
> 
> It further says, Linux Containers are just a Technology Preview. Will
> RHEL provide libvirt lxc integrated with its future releases?
We hope to.
> And, if I want to work with container for longterm using RHEL, will
> I need to shift to libvirt LXC?
Yes
> As of now, from where can I download the libvirt LXC.
> 
That the other Daniel will need to answer...

> Thanks, Shweta
> 
> 
> 
> 
> On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange
> <berrange at redhat.com <mailto:berrange at redhat.com>> wrote:
> 
> On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
>> Hi everyone, I am interested in the security aspects of LXC. How
>> can we use SELinux to secure LXC containers? Any information will
>> be very helpful.
> 
> I recently posted patches to libvirt, which extend the sVirt
> support from KVM, to also cover our LXC driver. This will ensure
> strict confinement of LXC containers using SELinux
> 
> https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html
> 
> Fedora 17 policy is being enhanced to support this at the same
> time.
> 
> NB, this only applies to the libvirt LXC userspace driver, which
> is completely separate from the LXC sf.net <http://sf.net>
> userspace.
> 
> Regards, Daniel
> -- 
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
