Re: [RFC] containers module in refpolicy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21/08/12 03:22PM, Russell Coker wrote:
> On Thursday, 12 August 2021 8:07:28 AM AEST Kenton Groombridge wrote:
> > At this time refpolicy does not have much (if any) support for various
> > container runtimes such as docker or podman. An issue was raised on
> > container-selinux[1] about the possibility of allowing it to be built
> > against refpolicy, but the question came up of whether or not it would
> > be a better idea to instead introduce such a module specifically in
> > refpolicy. Upstream seems to be open to the idea of making
> > container-selinux work with refpolicy, but I worry that the task of
> > maintaining the module will be more work in the long run.
> > 
> > What are your thoughts?
> 
> We have more than a few policy modules that aren't used by the regular 
> contributors to refpolicy and which aren't well maintained.  Adding one more 
> is no big deal.
> 
> Generally having a module in upstream policy that does most of what you want 
> is better than nothing, you can just have a local module to do the remainder.  
> When the types needed are defined it removes the potential compatibility 
> issues of different implementations.
> 
> Where is the [1] reference?

Looks like I forgot to include it. The upstream issue is here:

https://github.com/containers/container-selinux/issues/113

> 
> -- 
> My Main Blog         http://etbe.coker.com.au/
> My Documents Blog    http://doc.coker.com.au/
> 



[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux