Re: blocking / mount using containers

[Daniel Walsh <dwalsh@xxxxxxxxxx>]

On 07/10/2018 10:00 AM, Mclain, Warren wrote:

I am trying to find a solution for blocking the mounting of / from containers. This is a major security hole for Docker and all of those types of applications.

 

I found the mount_anyfile  Boolean but nothing that digs into that to show how to disable specific mountings.

 

Looking for any information that would help the container community in general.

This seems mighty arbitrary. I would think you would want to block lots of directories from being mounted into the container in addition to /, /home, /var, /etc? for example.

What tool are you using, and what access to you want to grant to your users?

 

thanks

 

___________________________________

Warren McLain

Enterprise Engineering Services

IEI Foundation Engineering - Compute, Optum Technology

 warren_mclain@xxxxxxxxx Office: 763-744-3107

 

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.