author: Daniel J Walsh <dwalsh@redhat.com> 2019-03-11 15:13:29 -0400
committer: Daniel J Walsh <dwalsh@redhat.com> 2019-03-11 15:17:22 -0400
commit: de12f4568864458c776cbf4aa8788ca46a576ac4
tree: e9d1f0825c5f24b92fc9578b172ca9f63da468cf /docker
parent: 7038cac53c4c93cd088fdbb097eee8d45494c3b8
Fix SELinux on host shared systems in userns
Currently if you turn on --net=host on a rootless container and have selinux-policy installed in the image, tools running with SELinux will see that the system is SELinux enabled in rootless mode. This patch mounts a tmpfs over /sys/fs/selinux blocking this behaviour.

This patch also fixes the fact that if you shared --pid=host we were not masking over certain /proc paths.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docker')
0 files changed, 0 insertions, 0 deletions
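A way to check, from inside a container, whether the tmpfs mask described in the commit message is in place. This is an added example, not podman's code: it parses `/proc/self/mountinfo`-style text and reports which filesystem type is topmost at /sys/fs/selinux. The function names and both sample inputs are constructed for illustration, and it assumes the last mountinfo entry for a mount point is the one on top.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const selinuxMount = "/sys/fs/selinux"

// Constructed mountinfo samples (not captured from a real container).
// hostShared: the host's selinuxfs is visible inside the container.
const hostShared = `22 28 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:2 - sysfs sysfs rw
23 22 0:20 / /sys/fs/selinux rw,relatime shared:3 - selinuxfs selinuxfs rw
`

// masked: a tmpfs has been mounted over the same path.
const masked = hostShared + `310 23 0:55 / /sys/fs/selinux ro,relatime - tmpfs tmpfs ro
`

// fsTypeAt returns the filesystem type of the last mountinfo entry whose
// mount point equals target, or "" when nothing is mounted there.
func fsTypeAt(mountinfo, target string) string {
	fstype := ""
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 10 || f[4] != target { // field 5 is the mount point
			continue
		}
		// Optional fields end at a lone "-"; the fs type follows it.
		for i := 6; i < len(f)-1; i++ {
			if f[i] == "-" {
				fstype = f[i+1]
				break
			}
		}
	}
	return fstype
}

// selinuxVisible reports whether selinuxfs is the topmost mount at
// /sys/fs/selinux, the condition the commit message describes.
func selinuxVisible(mountinfo string) bool {
	return fsTypeAt(mountinfo, selinuxMount) == "selinuxfs"
}

func main() {
	fmt.Println("host-shared visible:", selinuxVisible(hostShared))
	fmt.Println("masked visible:", selinuxVisible(masked))
}
```

To run it against a live container, pass the contents of `/proc/self/mountinfo` read inside that container instead of the constructed samples.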