author: Dan Walsh <dwalsh@redhat.com> 2014-01-30 16:28:02 -0500
committer: David Strauss <david@davidstrauss.net> 2014-02-04 13:33:15 -0800
commit: a8828ed93878b4b4866d40ebfb660e54995ff72e
tree: 069b43684335a229432b2fa1f7666d8e62e3e715 /catalog
parent: 483798e0770c65968bbe2b668ece293b2419f2ec
Add SELinux support to systemd-nspawn

This patch adds two new options:

-Z PROCESS_LABEL
This specifies the process label to run on processes run within the container.

-L FILE_LABEL
The file label to assign to memory file systems created within the container.

For example, if you wanted to wrap a container with SELinux sandbox labels, you could execute a command line like the following:

    chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
    systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
Diffstat (limited to 'catalog')
0 files changed, 0 insertions, 0 deletions