Subuser not working with SELINUX enforcing mode

Open shannara opened this issue 8 years ago • 2 comments

When I test creating a file with vim, it does not work: permission denied. The problem is with SELINUX; in fact, when I use Permissive mode, writing a file in the home directory works.

I am investigating, to check and create rules so that subuser works with SELINUX enforcing mode.

shannara, Mar 16 '16 20:03

With audit2allow I wrote a policy package; now Subuser works with SELINUX Enforcing.

subuser_selinux

But you can see that this breaks security; in fact, the user home has read/write permission for the container. It is necessary to disable SELINUX to use Subuser, but that is not a solution. I continue to investigate.

shannara, Mar 16 '16 21:03

Some time ago I did some investigation on this topic, as I have the same issue. I found some partial solutions documented on stackexchange: https://unix.stackexchange.com/questions/386767/selinux-and-docker-allow-access-to-x-unix-socket-in-tmp-x11-unix Not really good, but the best solution so far is the docker run option: --security-opt label=type:container_runtime_t

mviereck, Nov 23 '17 23:11
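
Added example, not code from the thread or from the subuser project: a small reviewer for AVC denials that groups them into the allow rules audit2allow would emit and flags any rule that would let a container domain modify home-directory content, which is the concern raised in the second comment. The log lines, the type names in them (container_t, xserver_t) and the SENSITIVE_TARGETS list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the issue).
SAMPLE_LOG = """\
type=AVC msg=audit(1458159780.101:401): avc:  denied  { write } for  pid=2101 comm="vim" name="notes.txt" dev="dm-2" ino=131 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1458159780.102:402): avc:  denied  { read open } for  pid=2101 comm="vim" path="/home/user/notes.txt" dev="dm-2" ino=131 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1458159781.007:403): avc:  denied  { connectto } for  pid=2150 comm="xterm" path="/tmp/.X11-unix/X0" scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0
type=SYSCALL msg=audit(1458159781.007:403): arch=c000003e syscall=42 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

# Target types whose exposure to a container deserves manual review (assumed list).
SENSITIVE_TARGETS = {"user_home_t", "user_home_dir_t"}
WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr"}

def se_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log_text):
    """Merge denials into (source, target, class) -> permissions, as audit2allow groups them."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            key = (se_type(m["s"]), se_type(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def risky(rules):
    """Rules that would let the source domain modify a sensitive target type."""
    return sorted(k for k, perms in rules.items()
                  if k[1] in SENSITIVE_TARGETS and perms & WRITE_PERMS)

if __name__ == "__main__":
    rules = summarize(SAMPLE_LOG)
    for (src, tgt, cls), perms in sorted(rules.items()):
        print(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    print("review before loading:", risky(rules))
```

Because SELinux allow rules apply per type, a flagged rule covers every file labelled with that target type, not only the one file that triggered the denial.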