From 9c616880988aac15d2d25c05ae4c05d0a654fe4a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 20 Jan 2017 15:39:26 -0500 Subject: [PATCH] Default type for containers is not container_t We usually specify MCS Labels as comma separated pair. Finally if we run two different containers we want them on different MCS labels. Signed-off-by: Daniel J Walsh --- test/testdata/container_config.json | 4 ++-- test/testdata/sandbox_config_seccomp.json | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/test/testdata/container_config.json b/test/testdata/container_config.json index d1a83698..3bc9d8d7 100644 --- a/test/testdata/container_config.json +++ b/test/testdata/container_config.json @@ -66,8 +66,8 @@ "selinux_options": { "user": "system_u", "role": "system_r", - "type": "svirt_lxc_net_t", - "level": "s0:c4-c5" + "type": "container_t", + "level": "s0:c4,c5" }, "user": { "uid": 5, diff --git a/test/testdata/sandbox_config_seccomp.json b/test/testdata/sandbox_config_seccomp.json index 5a4345b0..9a55f51a 100644 --- a/test/testdata/sandbox_config_seccomp.json +++ b/test/testdata/sandbox_config_seccomp.json @@ -57,6 +57,12 @@ "host_pid": false, "host_ipc": false } + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "container_t", + "level": "s0:c1,c2" } } }