Thanks Jason, it was very helpful.
On Sun, Aug 21, 2016 at 8:49 AM, Jason Zaman <jason@xxxxxxxxxxxxx> wrote:
On Sun, Aug 21, 2016 at 07:20:57AM +0500, Kashif ali wrote:
> Hi
> * When I run my docker daemon on a port for communication with the client
> with the help of this command
> => "docker daemon -H localhost:2376 --selinux-enabled &"
> then the docker daemon has the following label
> "root:unconfined_r:unconfined_t:s0-s0:c0.c1023 2535 pts/0 00:00:00
> dockerd"
>
> * Root user is running in the following context
> "root:unconfined_r:unconfined_t:"
>
> * Is there anything I am missing? Why doesn't the docker daemon have the docker_t
> label on it?
> I know that the docker daemon is started by the unconfined_t domain and
> the unconfined_t domain has no domain transition, then in which context should the
> docker daemon start? And as I read, if init_t starts the process
> then the docker daemon will have the docker_t label on it, so how can I run the docker
> daemon with the init_t context?
You want to run docker in the docker_t domain? Then just set a domtrans
so it will transition to docker. You do not have to go via system_u or
init_t for that. You can also use "runcon -t docker_t docker daemon..."
if there is no transition.
Are you on Red Hat? You might want to ask on their mailing list, they'd
be a better help probably.
-- Jason
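
The domain transition suggested above could be written as a small local policy module. This is an added example, not from the thread or from any distribution's policy. The module name local_docker_domtrans and the entry-point type docker_exec_t are assumptions; check the actual label of the daemon binary with ls -Z before using it.

```selinux
# Added example: local module giving unconfined_t a transition into docker_t.
# Assumption: the daemon binary is labelled docker_exec_t.
policy_module(local_docker_domtrans, 1.0)

gen_require(`
	type unconfined_t, docker_t, docker_exec_t;
	role unconfined_r;
')

# When a process in unconfined_t executes a file labelled docker_exec_t,
# the new process runs in docker_t. The pattern adds the execute,
# transition and entrypoint permissions plus the type_transition rule.
domtrans_pattern(unconfined_t, docker_exec_t, docker_t)

# The role in the caller context (unconfined_r on this page) must be
# allowed to hold the target type, otherwise the resulting context
# root:unconfined_r:docker_t is invalid and the exec is denied.
role unconfined_r types docker_t;
```

Build it with `make -f /usr/share/selinux/devel/Makefile local_docker_domtrans.pp` and load it with `semodule -i local_docker_domtrans.pp`. After restarting the daemon from the root shell, `ps -eZ` should show dockerd in docker_t instead of unconfined_t.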