Re: leaving setfcap in docker containers

On 10/04/2013 08:22 PM, Matthew Miller wrote:
> On Fri, Oct 04, 2013 at 06:16:18PM -0400, Daniel J Walsh wrote:
>>> Another question, probably a dumb one. Will this work with the
>>> lxc-tools approach or just with libvirt-lxc?
>> We can work with it on the lxc version, but I am not sure if it will
>> work easily.
> 
> But libvirt _does_ make it easy? Again, sorry if these are silly
> questions. :)
> 
Yes, libvirt makes it much easier because it is built in.  To get this to work
with the lxc tool set we need to add a patch to lxc to launch the applications
that run within a container with a particular SELinux label.  This means we
need to patch docker to take an SELinux label or to pick a default, and then
pass it to lxc which will tell the kernel what label to launch.  We already do
this with the libvirt-sandbox tools, and libvirt-lxc does the setup and launch
with the correct label.
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
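
The launcher step described in the message above (take a label or pick a default, then tell the kernel before exec), as an added example that is not code from the message, docker, lxc or libvirt. It uses the kernel's `/proc/self/attr/exec` interface; `DEFAULT_LABEL` is an assumed sample value and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

/* Assumed sample default; a real launcher would take it from policy/config. */
#define DEFAULT_LABEL "system_u:system_r:svirt_lxc_net_t:s0"

/* "take an SELinux label or pick a default" */
const char *pick_label(const char *requested)
{
    return (requested && *requested) ? requested : DEFAULT_LABEL;
}

/* Shape check only: user:role:type:level, no whitespace or control bytes. */
int label_looks_valid(const char *l)
{
    int colons = 0;
    if (!l || !*l || strlen(l) > 255) return 0;
    for (; *l; l++) {
        if ((unsigned char)*l <= ' ') return 0;
        if (*l == ':') colons++;
    }
    return colons >= 3;
}

/* Tell the kernel which label the next execve() gets. attr_path is normally
 * /proc/self/attr/exec; it is a parameter so the write can be tested offline. */
int set_exec_label(const char *attr_path, const char *label)
{
    size_t len = strlen(label) + 1;          /* trailing NUL is written too */
    int fd = open(attr_path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, label, len);
    close(fd);
    return (w == (ssize_t)len) ? 0 : -1;
}

/* Label first, exec second; any failure means the command is not run. */
int launch_labeled(const char *requested, char *const argv[])
{
    const char *label = pick_label(requested);
    if (!label_looks_valid(label)) return -1;
    if (set_exec_label("/proc/self/attr/exec", label) != 0) return -1;
    execvp(argv[0], argv);
    return -1;                               /* reached only if exec failed */
}
```

The kernel validates the label against the loaded policy when it is written, so an unknown or disallowed context fails here and the application is never started unconfined.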




