Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
selinux + docker
-
- Posts: 3
- Joined: 2017-07-05 14:12
selinux + docker
I'm trying to get docker to play nicely with selinux on debian stretch. I have tried using --selinux-enabled in the systemd.service target but it does nothing and I don't really know how to proceed. I tested this in fedora and it worked with no issues but I can't get it to work in debian. Can anyone help?
Re: selinux + docker
this is old but it might help:
https://www.youtube.com/watch?v=Yh8tgIZUb3A
If you like Docker and SELinux why not just use CentOS or Fedora? Or another option like App Armor etc...
https://www.youtube.com/watch?v=Yh8tgIZUb3A
If you like Docker and SELinux why not just use CentOS or Fedora? Or another option like App Armor etc...
-
- Posts: 3
- Joined: 2017-07-05 14:12
Re: selinux + docker
How would apparmor be different from selinux? Would I not have the same issue on apparmor? And i could use fedora but i'm just a lot more comfortable with debian package managementHuangLao wrote:this is old but it might help:
https://www.youtube.com/watch?v=Yh8tgIZUb3A
If you like Docker and SELinux why not just use CentOS or Fedora? Or another option like App Armor etc...
Re: selinux + docker
I like apparmor more, its easier to use and understand (IMO).
these may help:
https://docs.docker.com/engine/security/apparmor/
https://docs.docker.com/engine/security/security/
https://blog.docker.com/2016/08/softwar ... ontainers/
https://askubuntu.com/questions/485547/ ... h-apparmor
https://cloud.google.com/container-opti ... e-apparmor
https://wiki.debian.org/AppArmor/HowToUse
these may help:
https://docs.docker.com/engine/security/apparmor/
https://docs.docker.com/engine/security/security/
https://blog.docker.com/2016/08/softwar ... ontainers/
https://askubuntu.com/questions/485547/ ... h-apparmor
https://cloud.google.com/container-opti ... e-apparmor
https://wiki.debian.org/AppArmor/HowToUse
-
- Posts: 3
- Joined: 2017-07-05 14:12
Re: selinux + docker
I installed it and aa-status looks good but i don't see anything interesting when i do ls -alhZ ~/HuangLao wrote:I like apparmor more, its easier to use and understand (IMO).
these may help:
https://docs.docker.com/engine/security/apparmor/
https://docs.docker.com/engine/security/security/
https://blog.docker.com/2016/08/softwar ... ontainers/
https://askubuntu.com/questions/485547/ ... h-apparmor
https://cloud.google.com/container-opti ... e-apparmor
https://wiki.debian.org/AppArmor/HowToUse
Like, the profile columns are still "?". Does apparmor work the same way as selinux by assigning roles to all files? And would i use bane (https://github.com/jessfraz/bane) to create profiles for docker containers everytime a container is created/modified? (Seems a little excessive)