mirror_lxc/config/selinux
Maximilian Blenk 4fef78bc33 container.conf: Add option to set keyring SELinux context
lxc sets up a new session keyring for every container by default.
If executed on an SELinux-enabled system, by default, the keyring
inherits the label of the creating process. If executed with the
currently available SELinux policy, this means that the keyring
is labeled with the lxc_t type. Applications inside the container,
however, might expect that the keyring is labeled with a certain
context (and will fail to access the keyring if it's not explicitly
allowed in the global policy). This patch introduces the config
option lxc.selinux.context.keyring, which enables specifying the
label of the newly created keyring. That is, the keyring can be
labeled with the label expected by the started application.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
2020-01-31 14:33:01 +01:00
lxc.if provide an example SELinux policy for older releases 2014-07-31 14:12:25 -04:00
lxc.te container.conf: Add option to set keyring SELinux context 2020-01-31 14:33:01 +01:00
Makefile.am provide an example SELinux policy for older releases 2014-07-31 14:12:25 -04:00