selinux + docker


Post by sillyannie » 2017-07-05 14:20

I'm trying to get Docker to play nicely with SELinux on Debian Stretch. I have tried using --selinux-enabled in the systemd.service target but it does nothing and I don't really know how to proceed. I tested this in Fedora and it worked with no issues but I can't get it to work in Debian. Can anyone help?
sillyannie
 
Posts: 3
Joined: 2017-07-05 14:12

Re: selinux + docker

Post by HuangLao » 2017-07-05 19:24

This is old but it might help:
https://www.youtube.com/watch?v=Yh8tgIZUb3A

If you like Docker and SELinux, why not just use CentOS or Fedora? Or another option like AppArmor, etc.
HuangLao
 
Posts: 250
Joined: 2015-01-27 01:31

Re: selinux + docker

Post by sillyannie » 2017-07-08 21:04

HuangLao wrote: This is old but it might help:
https://www.youtube.com/watch?v=Yh8tgIZUb3A

If you like Docker and SELinux, why not just use CentOS or Fedora? Or another option like AppArmor, etc.

How would AppArmor be different from SELinux? Would I not have the same issue on AppArmor? And I could use Fedora but I'm just a lot more comfortable with Debian package management :)
sillyannie
 
Posts: 3
Joined: 2017-07-05 14:12


Re: selinux + docker

Post by sillyannie » 2017-07-19 14:42

I installed it and aa-status looks good but I don't see anything interesting when I do ls -alhZ ~/
Like, the profile columns are still "?". Does AppArmor work the same way as SELinux by assigning roles to all files? And would I use bane (https://github.com/jessfraz/bane) to create profiles for Docker containers every time a container is created/modified? (Seems a little excessive)
sillyannie
 
Posts: 3
Joined: 2017-07-05 14:12

