* BTRFS/SELinux patch just got merged in docker.
From: Daniel J Walsh @ 2015-11-17 21:35 UTC
To: SELinux, Fedora SELinux Users

https://github.com/docker/docker/pull/16452

This patch will allow you to run your docker containers with SELinux
locked down.  Prior to this you needed to disable SELinux in docker
(Not on the host).

The patch is doing a little bit of nastiness in that it is recursively
relabeling the image on container creation.  You could see a slowdown
on image creation of 1-2 seconds.  After the container is created,
there is no slowdown in start and stop of the container.

We would prefer to eventually get the kernel fixed to allow built-in
btrfs labeling, but this at least allows us to fix this in userspace.
Now we need to fix overlayfs.

Dan
