Default type for containers is not container_t
We usually specify MCS Labels as comma separated pair. Finally if we run two different containers we want them on different MCS labels. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
parent
7fda27a5b3
commit
9c61688098
2 changed files with 8 additions and 2 deletions
4
test/testdata/container_config.json
vendored
4
test/testdata/container_config.json
vendored
|
|
@ -66,8 +66,8 @@
|
||||||
"selinux_options": {
|
"selinux_options": {
|
||||||
"user": "system_u",
|
"user": "system_u",
|
||||||
"role": "system_r",
|
"role": "system_r",
|
||||||
"type": "svirt_lxc_net_t",
|
"type": "container_t",
|
||||||
"level": "s0:c4-c5"
|
"level": "s0:c4,c5"
|
||||||
},
|
},
|
||||||
"user": {
|
"user": {
|
||||||
"uid": 5,
|
"uid": 5,
|
||||||
|
|
|
||||||
6
test/testdata/sandbox_config_seccomp.json
vendored
6
test/testdata/sandbox_config_seccomp.json
vendored
|
|
@ -57,6 +57,12 @@
|
||||||
"host_pid": false,
|
"host_pid": false,
|
||||||
"host_ipc": false
|
"host_ipc": false
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"selinux_options": {
|
||||||
|
"user": "system_u",
|
||||||
|
"role": "system_r",
|
||||||
|
"type": "container_t",
|
||||||
|
"level": "s0:c1,c2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue