On 01/10/14 15:27, Trevor Vaughan wrote:
> How does running tests with SELinux contexts work in a Docker instance?
> (I'm not guessing very well, but it would be nice to have confirmation).

I think the way it works recently (since Dan Walsh's work around Docker 0.10/11) is that /sys/fs/selinux is read-only inside the container, and libselinux understands this as "SELinux is disabled".

As far as selinuxenabled etc. are concerned, there's no SELinux support, so the same as running on a normal host or VM without SELinux enabled. (This is separate to whether SELinux is functional on the host running the container.)

https://bugzilla.redhat.com/show_bug.cgi?id=1096123 has some interesting background, as EL6's libselinux didn't understand what the read-only /sys/fs/selinux mount meant.

--
Dominic Cleal
Red Hat Engineering
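
The behaviour described in the reply above, as an added example that is not part of the original message and is not libselinux or Puppet code: a Python helper a test suite could use to tell, from `/proc/mounts` text, whether SELinux-aware tools would report SELinux as enabled. The function names are hypothetical and the sample mount tables are constructed.

```python
"""Classify the selinuxfs mount the way the reply describes:
a read-only /sys/fs/selinux is treated as "SELinux is disabled"."""

SELINUXFS = "selinuxfs"

# Constructed sample /proc/mounts contents (not captured from real systems).
HOST_MOUNTS = (
    "sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0\n"
    "selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0\n"
)
CONTAINER_MOUNTS = (
    "sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0\n"
    "selinuxfs /sys/fs/selinux selinuxfs ro,relatime 0 0\n"
)
NO_SELINUX_MOUNTS = "sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n"


def selinuxfs_entries(proc_mounts_text):
    """Yield (mountpoint, options) for each selinuxfs line, in mount order."""
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        # /proc/mounts: device mountpoint fstype options dump pass
        if len(fields) >= 4 and fields[2] == SELINUXFS:
            yield fields[1], fields[3].split(",")


def selinuxfs_state(proc_mounts_text, mountpoint="/sys/fs/selinux"):
    """Return 'absent', 'read-only' or 'read-write' for selinuxfs at mountpoint.

    A later entry for the same mountpoint shadows an earlier one, so the
    last matching line decides.
    """
    state = "absent"
    for mnt, opts in selinuxfs_entries(proc_mounts_text):
        if mnt == mountpoint:
            state = "read-only" if "ro" in opts else "read-write"
    return state


def reported_enabled(proc_mounts_text):
    """True only when selinuxfs is mounted read-write (the non-container case)."""
    return selinuxfs_state(proc_mounts_text) == "read-write"


if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        text = fh.read()
    print(selinuxfs_state(text), reported_enabled(text))
```

A spec that exercises SELinux contexts can skip itself when `reported_enabled` is false, which covers both the container case and a host without SELinux.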