diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2018-05-30 15:57:33 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-05-31 13:51:11 +0000 |
commit | 7c6034e161abf4b70fb0409718cc5aa8cd83cc88 (patch) | |
tree | 243e51b1ec5303a0144b4d21a016e6be59ec7146 /pkg/hooks | |
parent | bae80a0b663925ec751ad2784ca32989403cdc24 (diff) | |
download | podman-7c6034e161abf4b70fb0409718cc5aa8cd83cc88.tar.gz podman-7c6034e161abf4b70fb0409718cc5aa8cd83cc88.tar.bz2 podman-7c6034e161abf4b70fb0409718cc5aa8cd83cc88.zip |
We need to change the SELinux label of the conmon process to s0
If SELinux is enabled, we are leaking in pipes into the container
owned by conmon. The container processes are not allowed to use
these pipes, if the calling process is fully ranged. By changing
the level of the conmon process to s0, this allows container processes
to use the pipes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #854
Approved by: mheon
Diffstat (limited to 'pkg/hooks')
0 files changed, 0 insertions, 0 deletions