container-selinux
SELinux policy files for Container Runtimes
Using GPUs to accelerate workloads requires the permissions guarded by `container_use_xserver_devices`. By default it's disabled.
* `podmansh(1)` mentions `label=user:container_user_u` which is defined in this policy. This repository ships `container_u` file to assign correct context during login - it should follow `seuser_id` so the right file...
Hello Mr. Dan and Colleagues, Currently, I'm trying to run podman containers on multiple users with `container_u:container_user_r:container_user_t:s0:c512.c1023` context. For now, I'm running on fresh Fedora 39 Server Edition installation with...
Hello, This is a clone of a [bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2113856) and subsequent (public) [jira](https://issues.redhat.com/browse/RHEL-3094). It may happen the package doesn't properly install due to some post-install script failures. `rpm` doesn't report it...
Helps fix: https://github.com/containers/container-selinux/discussions/331
I think the main question is why podman socket is not labeled? Distribution: openSUSE Tumbleweed selinux-policy-targeted-20250305-1.2.noarch I'm trying to run CI with SELinux active (I read a lot of articles...
OpenShift 4.16 and 4.17 were broken by https://github.com/containers/container-selinux/pull/329 so that had to be reverted in https://github.com/containers/container-selinux/pull/346 (new maint branch). We should enable CI testing on OpenShift environments to ensure we...
Current TMT tests assume systems with `selinux-policy-targeted` installed. https://github.com/containers/container-selinux/pull/332 makes container-selinux rpm installable on MLS systems but we aren't verifying that before merge yet. This issue is a reminder to...