On Fri, Feb 26, 2016 at 11:31 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > On Fri, 2016-02-26 at 10:46 -0500, Paul Moore wrote: >> Would that resolve all your problems Dan with Docker, runc, etc.? >> From our discussions the other day I thought you needed the ability >> transition to svirt_lxc_net_t from domains other than unconfined_t >> and docker_t ... or was I misunderstanding you? > > Well the two ways we transition to svirt_sandbox_file_t is from runc > which will usually from either docker_t or from unconfined_t. And from > docker. > > We just need to label runc as docker_exec_t so that if you run it from > a systemd unit file the correct transitions will happen. Okay, easy enough. Looks like we don't have to worry about this right now. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
