On 01/10/14 15:27, Trevor Vaughan wrote:
> How does running tests with SELinux contexts work in a Docker instance?
> (I'm not guessing very well, but it would be nice to have confirmation).

I think the way it works recently (since Dan Walsh's work around Docker 0.10/11) is that /sys/fs/selinux is read-only inside the container, and libselinux understands this as "SELinux is disabled". As far as selinuxenabled etc are concerned, there's no SELinux support, so the same as running on a normal host or VM without SELinux enabled. (This is separate to whether SELinux is functional on the host running the container.)

https://bugzilla.redhat.com/show_bug.cgi?id=1096123 has some interesting background, as EL6's libselinux didn't understand what the read-only /sys/fs/selinux mount meant.

--
Dominic Cleal
Red Hat Engineering
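
The behaviour described in the reply above, as an added example that is not part of the original thread or of libselinux: it classifies a mount table the way the message describes, treating a read-only selinuxfs as "disabled". It reads /proc/mounts-format text rather than reproducing libselinux's own checks; the sample tables, function names and state strings are constructed for illustration.

```python
"""Classify SELinux visibility from a mount table, following the behaviour
described in the thread: a read-only selinuxfs is reported as disabled."""

# Constructed sample mount tables in /proc/mounts format (not captured output).
HOST_MOUNTS = """\
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
"""
CONTAINER_MOUNTS = """\
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs ro,relatime 0 0
"""
NO_SELINUX_MOUNTS = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
"""


def selinuxfs_mounts(mount_table):
    """Yield (mount_point, options) for every selinuxfs entry."""
    for line in mount_table.splitlines():
        fields = line.split()
        # /proc/mounts fields: device, mount point, fstype, options, dump, pass
        if len(fields) >= 4 and fields[2] == "selinuxfs":
            yield fields[1], set(fields[3].split(","))


def selinux_state(mount_table):
    """Return 'enabled' or a 'disabled (...)' string giving the reason."""
    mounts = list(selinuxfs_mounts(mount_table))
    if not mounts:
        return "disabled (no selinuxfs)"
    # Assumption for this sketch: any writable selinuxfs mount counts as
    # usable; one that is only mounted read-only means "SELinux is disabled".
    if any("rw" in opts for _, opts in mounts):
        return "enabled"
    return "disabled (read-only selinuxfs)"


if __name__ == "__main__":
    samples = [("host", HOST_MOUNTS), ("container", CONTAINER_MOUNTS),
               ("no selinux", NO_SELINUX_MOUNTS)]
    for name, table in samples:
        print(f"{name}: {selinux_state(table)}")
    try:
        with open("/proc/mounts") as fh:
            print("this system:", selinux_state(fh.read()))
    except OSError:
        pass  # no /proc/mounts on this platform
```

A test suite that sets SELinux contexts can use a check like this to tell "SELinux absent" apart from "selinuxfs present but read-only" when deciding whether to skip.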
