mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-04-28 13:13:39 +00:00

The virtd_lxc_t type provided by the default RHEL/CentOS/Oracle 6.5 policy is an unconfined_domain(), so it doesn't really enforce anything. This change will provide a link in the documentation to an example policy that does confine containers.

On more recent distributions with new enough policy, it is recommended not to use this sample policy, but to use the types already available on the system from /etc/selinux/targeted/contexts/lxc_contexts, ie:

    process = "system_u:system_r:svirt_lxc_net_t:s0"
    file = "system_u:object_r:svirt_sandbox_file_t:s0"

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

9 lines
100 B
Makefile
selinuxdir=@DATADIR@/lxc/selinux

EXTRA_DIST = \
	lxc.if lxc.te

selinux_DATA = \
	lxc.if \
	lxc.te