diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2019-03-11 15:13:29 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-03-11 15:17:22 -0400 |
commit | de12f4568864458c776cbf4aa8788ca46a576ac4 (patch) | |
tree | e9d1f0825c5f24b92fc9578b172ca9f63da468cf /docker | |
parent | 7038cac53c4c93cd088fdbb097eee8d45494c3b8 (diff) | |
download | podman-de12f4568864458c776cbf4aa8788ca46a576ac4.tar.gz podman-de12f4568864458c776cbf4aa8788ca46a576ac4.tar.bz2 podman-de12f4568864458c776cbf4aa8788ca46a576ac4.zip |
Fix SELinux on host shared systems in userns
Currently if you turn on --net=host on a rootless container
and have selinux-policy installed in the image, tools running with
SELinux will see that the system is SELinux enabled in rootless mode.
This patch mounts a tmpfs over /sys/fs/selinux blocking this behaviour.
This patch also fixes the fact that if you shared --pid=host we were not
masking over certin /proc paths.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docker')
0 files changed, 0 insertions, 0 deletions