selinux-dockersock
selinux-dockersock copied to clipboard
dpw
Allow containers to access docker.sock under Fedora and RHEL
If a container process gains access to this socket or the podman socket then it has full control on the system. IE Full root. Basically the container process does a...
Thanks for this repo because I'm new to SELinux and it helped me a lot. Note however after starting with the method you have here for installation I actually simplified...
If in the container I get error: `libsemanage.semanage_commit_sandbox: Error while renaming /etc/selinux/targeted/active to /etc/selinux/targeted/previous. (Invalid cross-device link).` If in the HOST, the MAKE works successful but still I can't mount...
> make semodule -i dockersock.pp Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/dockersock/cil:1 semodule: Failed! make: *** [load] Erreur 1 What did i do wrong ?
In my case under ScientificLinux 7, which I think should be the same as RHEL/CentOS 7, the ``te`` should be: ``` module local 1.0; require { type container_runtime_t; type container_t;...
