Re: Selinux Docker issues


I have configured mls with permissive mode in CentOS 7, but on reboot it leaves some of the services labelled and some unlabeled... Even docker is running as unconfined_t.
When I configure mls with enforcing mode, my system doesn't boot and stops working!

How can we solve this issue?

Thanks in advance

Engr. Naina Emmanuel

On May 5, 2016 11:32 AM, "Naina Emmanuel" <nemmanuel1992@xxxxxxxxx> wrote:
Good Morning,
I am working on docker and its security through SELinux. I am facing some problems and have some questions to ask...

Q1: If for the containers we have MLS policy to be configured, SelinuxType=mls in /etc/selinux/config, then on the host for other modules we have targeted policy, how can we take these two different types simultaneously?

Q2: Docker is running on my CentOS 7, still it is giving the unconfined_t label on the docker process (policy is configured as selinuxtype=mls and selinux=permissive).

Q3: In the targeted rpm package I have found namespace.te and cgroup.te. If docker works on mls, then why are these policy modules given in the targeted rpm?

Q4: Where is the mls policy located? As we have .te policy for targeted.


Please guide me in this regard.

Thanks in advance





Engr. Naina Emmanuel
Linux Essential Certified (LEPDC)
Cisco Certified Network Associate (CCNA)
Computer Engineering Department, UET Taxila
Information Security, CS Department, CIIT Islamabad
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx