On 01/31/2012 07:10 AM, Shweta Shinde wrote:
> Hi everyone, I am interested in the security aspects of LXC. How
> can we use SELinux to secure LXC containers? Any information will
> be very helpful.
>
>
> -- Regards, Shweta
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
We are hoping to have a feature in Fedora 17.
http://fedoraproject.org/wiki/Features/Securecontainers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Hi* Daniel,Thanks for the reply.I tried out*
LXC sf.net for creating containers.
According to following link, RHEL 6.2 will support LXC libvirt API.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
It further says, Linux Containers are just a Technology Preview. Will RHEL provide libvirt lxc integrated with its future releases?And, if I want to work with container for longterm using RHEL, will I need to shift to libvirt LXC?
As of now, from where can I download the libvirt LXC.
Thanks,Shweta
On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange <berrange@redhat.com> wrote:
On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
> Hi everyone,
> I am interested in the security aspects of LXC.
> How can we use SELinux to secure LXC containers?
> Any information will be very helpful.
I recently posted patches to libvirt, which extend the sVirt support
from KVM, to also cover our LXC driver. This will ensure strict
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
02-08-2012, 01:12 PM
Daniel J Walsh
SELinux for LXC Container
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> Hi Daniel, Thanks for the reply. I tried out LXC sf.net
> <http://sf.net> for creating containers.
>
> According to following link, RHEL 6.2 will support LXC libvirt
> API.
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
>
>
It further says, Linux Containers are just a Technology Preview. Will
> RHEL provide libvirt lxc integrated with its future releases?
We hope to.
> And, if I want to work with container for longterm using RHEL, will
> I need to shift to libvirt LXC?
Yes
> As of now, from where can I download the libvirt LXC.
>
That the other Daniel will need to answer...
> Thanks, Shweta
>
>
>
>
> On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange
> <berrange@redhat.com <mailto:berrange@redhat.com>> wrote:
>
> On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
>> Hi everyone, I am interested in the security aspects of LXC. How
>> can we use SELinux to secure LXC containers? Any information will
>> be very helpful.
>
> I recently posted patches to libvirt, which extend the sVirt
> support from KVM, to also cover our LXC driver. This will ensure
> strict confinement of LXC containers using SELinux
>
> https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html
>
> Fedora 17 policy is being enhanced to support this at the same
> time.
>
> NB, this only applies to the libvirt LXC userspace driver, which
> is completely separate from the LXC sf.net <http://sf.net>
> userspace.
>
> Regards, Daniel -- |: http://berrange.com -o-
> http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org
> -o- http://virt-manager.org :| |: http://autobuild.org -o-
> http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org
> -o- http://live.gnome.org/gtk-vnc :|
>
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
On Wed, Feb 08, 2012 at 09:12:14AM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> > Hi Daniel, Thanks for the reply. I tried out LXC sf.net
> > <http://sf.net> for creating containers.
> >
> > According to following link, RHEL 6.2 will support LXC libvirt
> > API.
> > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
> >
> >
> It further says, Linux Containers are just a Technology Preview. Will
> > RHEL provide libvirt lxc integrated with its future releases?
> We hope to.
> > And, if I want to work with container for longterm using RHEL, will
> > I need to shift to libvirt LXC?
> Yes
> > As of now, from where can I download the libvirt LXC.
> >
> That the other Daniel will need to answer...
Any recent libvirt release includes LXC support as standard,
so check your distro's repos, or go to http://libvirt.org
SELinux for LXC Container
