moby--moby/daemon/graphdriver
Dan Walsh 73617e5e18 Change default label of container volumes to shared SELinux Label
Since these will be shared between containers we want to label
them as svirt_sandbox_file_t:s0.  That will allow multiple containers
to write to them.

Currently we are allowing container domains to read/write all content in
/var/lib/docker because of container volumes.  This is a big security hole
in our SELinux story.

This patch will allow us to tighten up the security of docker containers.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-09-09 08:18:20 -04:00
aufs another commit to do like @crosbymichael 2014-08-14 01:36:26 +00:00
btrfs Replace "amd64" build tags with "cgo" as appropriate, and remove where unnecessary 2014-08-06 17:20:21 -06:00
devmapper fix typos in error messages 2014-09-03 13:12:10 -04:00
graphtest update go import path and libcontainer 2014-07-24 22:19:50 +00:00
vfs Change default label of container volumes to shared SELinux Label 2014-09-09 08:18:20 -04:00
driver.go update go import path and libcontainer 2014-07-24 22:19:50 +00:00