search for: container_t

Displaying 5 results from an estimated 5 matches for "container_t".

2023 Mar 22
1
[libnbd PATCH v4 0/2] lib/utils: introduce async-signal-safe execvpe()
...generate a local policy module to allow this access. > Do > allow this access for now by executing: > # ausearch -c 'bash' --raw | audit2allow -M my-bash > # semodule -X 300 -i my-bash.pp > > > Additional Information: > Source Context system_u:system_r:container_t:s0:c62,c364 > Target Context unconfined_u:object_r:user_home_t:s0 > Target Objects /usr/lib/libreadline.so.8.2 [ file ] > Source bash > Source Path /bin/bash > Port <Unknown> > Ho...
2023 Mar 22
1
[libnbd PATCH v4 0/2] lib/utils: introduce async-signal-safe execvpe()
On 3/22/23 12:42, Daniel P. Berrang? wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal
2020 Jul 14
2
Re: SELinux labels change in libvirt
On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > Hello all, > > > > tl;dr, can you point me to the point in the libvirt repo where it's > trying > > to change a tap-device's SELinux label? > > > > I am trying to create a tap device with libvirt on
2020 Jul 16
1
Re: SELinux labels change in libvirt
...n normal host OS deployment, libvirtd runs under virtd_t, and when > it spawns QEMU, it will relabel files to svirt_image_t:s0:$MCS, and > spawn QEMU as svirt_t:s0:$MCS. > > My understanding is what in kubevirt, things work differently. Docker > (or podman), launch the container as container_t:s0:$MCS. libvirtd > *and* QEMU thus both run as container_t:s0:$MCS. ie All the labelling > is setup when the container is launched and libvirtd should not do > anything. > > So I'm really not sure why you have libvirtd configured to do relabelling > at all ? I'd be expe...
2020 Jul 14
0
Re: SELinux labels change in libvirt
...rt/kubevirt/pull/3290 In normal host OS deployment, libvirtd runs under virtd_t, and when it spawns QEMU, it will relabel files to svirt_image_t:s0:$MCS, and spawn QEMU as svirt_t:s0:$MCS. My understanding is what in kubevirt, things work differently. Docker (or podman), launch the container as container_t:s0:$MCS. libvirtd *and* QEMU thus both run as container_t:s0:$MCS. ie All the labelling is setup when the container is launched and libvirtd should not do anything. So I'm really not sure why you have libvirtd configured to do relabelling at all ? I'd be expecting it to have security_dri...