'su' in a Docker container -> AVC
Laurent Rineau
laurent.rineau__fedora at normalesup.org
Thu Jun 18 13:15:04 UTC 2015
Le Thursday 18 June 2015 08:41:51 Daniel J Walsh a écrit :
> Actually this is a known problem with kernel keyrings not being
> namespace aware. Since the crond process created the keyring, root
> processes within the container are trying to use it and SELinux is
> blocking the access. We should probably just don'taudit access to the
> kernel keyring until we can get a keyring that works with namespaces.
Should I fill a bug report, or will you deal with this yourself?
--
Laurent Rineau
http://fedoraproject.org/wiki/LaurentRineau
More information about the selinux
mailing list