mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
73617e5e18
Since these will be shared between containers we want to label them as svirt_sandbox_file_t:s0. That will allow multiple containers to write to them.

Currently we are allowing container domains to read/write all content in /var/lib/docker because of container volumes. This is a big security hole in our SELinux story. This patch will allow us to tighten up the security of docker containers.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)

| File |
|---|
| driver.go |
| vfs_test.go |