On Fri, Feb 26, 2016 at 7:54 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > On Thu, 2016-02-25 at 15:54 -0500, Stephen Smalley wrote: >> On 02/25/2016 03:28 PM, Daniel J Walsh wrote: >> > Currently typebounds only allows one instance. >> It is a hierarchy, where each child has a single parent. So you can >> define hierarchies like: >> typebounds unconfined_t docker_t; >> typebounds docker_t svirt_lxc_net_t; >> and then they can both transition because they are both ancestors. > > Awesome idea. Would that resolve all your problems Dan with Docker, runc, etc.? >From our discussions the other day I thought you needed the ability to transition to svirt_lxc_net_t from domains other than unconfined_t and docker_t ... or was I misunderstanding you? -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
