FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 01-31-2012, 12:40 PM
Daniel J Walsh
 
Default SELinux for LXC Container

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/31/2012 07:10 AM, Shweta Shinde wrote:
> Hi everyone, I am interested in the security aspects of LXC. How
> can we use SELinux to secure LXC containers? Any information will
> be very helpful.
>
>
> -- Regards, Shweta
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
We are hoping to have a feature in Fedora 17.

http://fedoraproject.org/wiki/Features/Securecontainers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8n70wACgkQrlYvE4MpobNg1ACePo6jI5exua 9ub7uMbik/HEtU
Hz0AoMmuTCTdKWVJGnhVEcsdf0lSbBQn
=NDHi
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 02-08-2012, 09:27 AM
Shweta Shinde
 
Default SELinux for LXC Container

Hi* Daniel,Thanks for the reply.I tried out*
LXC sf.net for creating containers.
According to following link, RHEL 6.2 will support LXC libvirt API.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
It further says, Linux Containers are just a Technology Preview. Will RHEL provide libvirt lxc integrated with its future releases?And, if I want to work with container for longterm using RHEL, will I need to shift to libvirt LXC?
As of now, from where can I download the libvirt LXC.
Thanks,Shweta





On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange <berrange@redhat.com> wrote:


On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:

> Hi everyone,

> I am interested in the security aspects of LXC.

> How can we use SELinux to secure LXC containers?

> Any information will be very helpful.



I recently posted patches to libvirt, which extend the sVirt support

from KVM, to also cover our LXC driver. This will ensure strict

confinement of LXC containers using SELinux



https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html



Fedora 17 policy is being enhanced to support this at the same time.



NB, this only applies to the libvirt LXC userspace driver, which is

completely separate from the LXC sf.net userspace.



Regards,

Daniel

--

|: http://berrange.com * * *-o- * *http://www.flickr.com/photos/dberrange/ :|

|: http://libvirt.org * * * * * * *-o- * * * * * * http://virt-manager.org :|

|: http://autobuild.org * * * -o- * * * * http://search.cpan.org/~danberr/ :|

|: http://entangle-photo.org * * * -o- * * * http://live.gnome.org/gtk-vnc :|



--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 02-08-2012, 01:12 PM
Daniel J Walsh
 
Default SELinux for LXC Container

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> Hi Daniel, Thanks for the reply. I tried out LXC sf.net
> <http://sf.net> for creating containers.
>
> According to following link, RHEL 6.2 will support LXC libvirt
> API.
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
>
>
It further says, Linux Containers are just a Technology Preview. Will
> RHEL provide libvirt lxc integrated with its future releases?
We hope to.
> And, if I want to work with container for longterm using RHEL, will
> I need to shift to libvirt LXC?
Yes
> As of now, from where can I download the libvirt LXC.
>
That the other Daniel will need to answer...

> Thanks, Shweta
>
>
>
>
> On Tue, Jan 31, 2012 at 5:47 PM, Daniel P. Berrange
> <berrange@redhat.com <mailto:berrange@redhat.com>> wrote:
>
> On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
>> Hi everyone, I am interested in the security aspects of LXC. How
>> can we use SELinux to secure LXC containers? Any information will
>> be very helpful.
>
> I recently posted patches to libvirt, which extend the sVirt
> support from KVM, to also cover our LXC driver. This will ensure
> strict confinement of LXC containers using SELinux
>
> https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html
>
> Fedora 17 policy is being enhanced to support this at the same
> time.
>
> NB, this only applies to the libvirt LXC userspace driver, which
> is completely separate from the LXC sf.net <http://sf.net>
> userspace.
>
> Regards, Daniel -- |: http://berrange.com -o-
> http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org
> -o- http://virt-manager.org :| |: http://autobuild.org -o-
> http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org
> -o- http://live.gnome.org/gtk-vnc :|
>
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8ygrsACgkQrlYvE4MpobP81wCgxGzNvrUxvg 2aT7HE2ojhkjCo
srUAnA1xj6Z3HVl4JPU3N3HHzFyKN6/e
=3+Wt
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 02-08-2012, 01:32 PM
"Daniel P. Berrange"
 
Default SELinux for LXC Container

On Wed, Feb 08, 2012 at 09:12:14AM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> > Hi Daniel, Thanks for the reply. I tried out LXC sf.net
> > <http://sf.net> for creating containers.
> >
> > According to following link, RHEL 6.2 will support LXC libvirt
> > API.
> > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2_Technical_Notes/index.html
> >
> >
> It further says, Linux Containers are just a Technology Preview. Will
> > RHEL provide libvirt lxc integrated with its future releases?
> We hope to.
> > And, if I want to work with container for longterm using RHEL, will
> > I need to shift to libvirt LXC?
> Yes
> > As of now, from where can I download the libvirt LXC.
> >
> That the other Daniel will need to answer...

Any recent libvirt release includes LXC support as standard,
so check your distro's repos, or go to http://libvirt.org

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 07:28 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org