Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

selinux + docker

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
sillyannie
Posts: 3
Joined: 2017-07-05 14:12

selinux + docker

#1 Post by sillyannie »

I'm trying to get docker to play nicely with selinux on debian stretch. I have tried using --selinux-enabled in the systemd.service target but it does nothing and I don't really know how to proceed. I tested this in fedora and it worked with no issues but I can't get it to work in debian. Can anyone help?

User avatar
HuangLao
Posts: 485
Joined: 2015-01-27 01:31
Been thanked: 1 time

Re: selinux + docker

#2 Post by HuangLao »

this is old but it might help:
https://www.youtube.com/watch?v=Yh8tgIZUb3A

If you like Docker and SELinux why not just use CentOS or Fedora? Or another option like App Armor etc...

sillyannie
Posts: 3
Joined: 2017-07-05 14:12

Re: selinux + docker

#3 Post by sillyannie »

HuangLao wrote:this is old but it might help:
https://www.youtube.com/watch?v=Yh8tgIZUb3A

If you like Docker and SELinux why not just use CentOS or Fedora? Or another option like App Armor etc...
How would apparmor be different from selinux? Would I not have the same issue on apparmor? And i could use fedora but i'm just a lot more comfortable with debian package management :)


sillyannie
Posts: 3
Joined: 2017-07-05 14:12

Re: selinux + docker

#5 Post by sillyannie »

I installed it and aa-status looks good but i don't see anything interesting when i do ls -alhZ ~/
Like, the profile columns are still "?". Does apparmor work the same way as selinux by assigning roles to all files? And would i use bane (https://github.com/jessfraz/bane) to create profiles for docker containers everytime a container is created/modified? (Seems a little excessive)

Post Reply