On Sun, Aug 21, 2016 at 07:20:57AM +0500, Kashif ali wrote:
> Hi
> * When I run my docker daemon on a port for communication with the client
> with the help of this command
> => "docker daemon -H localhost:2376 --selinux-enabled &"
> then the docker daemon has the following label
> "root:unconfined_r:unconfined_t:s0-s0:c0.c1023 2535 pts/0 00:00:00 dockerd"
>
> * Root user is running in the following context
> "root:unconfined_r:unconfined_t:"
>
> * Is there anything I am missing? Why doesn't the docker daemon have the
> docker_t label on it?
> I know that as the docker daemon is started by the unconfined_t domain and
> the unconfined_t domain has no domain transition, then in which context
> should the docker daemon start? And as I read, if init_t starts the process
> then the docker daemon will have the docker_t label on it, so how can I run
> the docker daemon with the init_t context?

You want to run docker in the docker_t domain? Then just set a domtrans so it
will transition to docker. You do not have to go via system_u or init_t for
that. You can also use "runcon -t docker_t docker daemon..." if there is no
transition.

Are you on Red Hat? You might want to ask on their mailing list; they'd
probably be a better help.

--
Jason
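
Added example, not part of the original thread: a small shell check that reads `ps -eZ` style lines and confirms whether a daemon ended up in the expected SELinux domain, which is the condition the question is about. The function names and the second sample line are constructed for illustration; the first sample line is the label quoted in the question.

```shell
#!/bin/sh
# Sample lines in `ps -eZ` layout (LABEL PID TTY TIME CMD). The first is the
# label quoted in the thread; the second is a constructed confined case.
SAMPLE_UNCONFINED='root:unconfined_r:unconfined_t:s0-s0:c0.c1023 2535 pts/0 00:00:00 dockerd'
SAMPLE_CONFINED='system_u:system_r:docker_t:s0 1187 ? 00:00:02 dockerd'

# Print the type (third field) of a context user:role:type:range.
# The MLS range can itself contain ':' (s0-s0:c0.c1023), so only the
# first two separators are stripped before cutting at the next one.
selinux_type() {
    rest=${1#*:}        # drop user
    rest=${rest#*:}     # drop role
    printf '%s\n' "${rest%%:*}"
}

# check_domain CMD TYPE: read `ps -eZ` lines on stdin. Returns 0 only if at
# least one CMD process is present and every one of them runs in TYPE.
check_domain() {
    cmd=$1; want=$2; seen=0; bad=0
    while read -r label pid tty cputime name extra; do
        [ "$name" = "$cmd" ] || continue
        seen=1
        got=$(selinux_type "$label")
        if [ "$got" != "$want" ]; then
            echo "PID $pid ($name) runs as $got, expected $want" >&2
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Demonstration on the sample lines above.
for line in "$SAMPLE_UNCONFINED" "$SAMPLE_CONFINED"; do
    if printf '%s\n' "$line" | check_domain dockerd docker_t; then
        echo "in docker_t:     $line"
    else
        echo "NOT in docker_t: $line"
    fi
done
```

On a live host the same check is `ps -eZ | check_domain dockerd docker_t`, run after starting the daemon through a domain transition or `runcon`.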