How will Project Atomic be securing / managing interaction between SELinux and other host RPMs with what's on Atomic?
The Atomic Host is a pre-built image - so the RPMs that are used to construct the image should have all the required SELinux policy coverage. The image is built with SELinux enabled and in enforcing mode.
Any containers that run on Atomic are constrained by the 3 layers - cgroups, namespaces, and sVirt.
Today - we don't have a capability to install additional host RPMs on the Atomic Host image. But it is a future roadmap item. Implementation of that feature will require that we are able to maintain the SELinux enforcing mode for Atomic Host.
Asked: 2014-12-22 16:03:22 +0000
Last updated: Dec 22 '14
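
One way to check the three layers named in the answer (cgroups, namespaces, sVirt) for a single container process, as an added example that is not part of the original question or answer. The function names, the "docker" cgroup path match, the accepted SELinux types (svirt_lxc_net_t, container_t) and the sample /proc tree are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify the three isolation layers for one process via /proc.
# Assumptions: Docker cgroup paths contain "docker"; sVirt container types are
# svirt_lxc_net_t (older policy) or container_t (newer policy).

check_layers() {  # usage: check_layers <proc_root> <pid>; returns 1 on any failure
  local root="$1" pid="$2" rc=0 ns label
  # Layer 1, cgroups: the process must sit in a Docker-managed cgroup.
  if grep -q docker "$root/$pid/cgroup"; then echo "cgroup: ok"
  else echo "cgroup: FAIL (not in a docker cgroup)"; rc=1; fi
  # Layer 2, namespaces: pid and mnt namespaces must differ from PID 1's.
  for ns in pid mnt; do
    if [ "$(readlink "$root/$pid/ns/$ns")" != "$(readlink "$root/1/ns/$ns")" ]
    then echo "ns/$ns: ok"
    else echo "ns/$ns: FAIL (shared with host)"; rc=1; fi
  done
  # Layer 3, sVirt: confined container type plus an MCS category pair.
  label=$(tr -d '\0' < "$root/$pid/attr/current")
  case "$label" in
    *:svirt_lxc_net_t:s0:c*,c*|*:container_t:s0:c*,c*) echo "svirt: ok" ;;
    *) echo "svirt: FAIL (label $label)"; rc=1 ;;
  esac
  return $rc
}

add_proc() {  # args: root pid cgroup pid_ns mnt_ns label (builds one fake /proc entry)
  mkdir -p "$1/$2/ns" "$1/$2/attr"
  echo "$3" > "$1/$2/cgroup"
  ln -s "pid:[$4]" "$1/$2/ns/pid"
  ln -s "mnt:[$5]" "$1/$2/ns/mnt"
  printf '%s\0' "$6" > "$1/$2/attr/current"
}

make_sample() {  # constructed tree: PID 1 host init, 200 confined, 300 without sVirt label
  local d; d=$(mktemp -d)
  add_proc "$d" 1 '1:name=systemd:/' 4026531836 4026531840 'system_u:system_r:init_t:s0'
  add_proc "$d" 200 '1:name=systemd:/system.slice/docker-aaaa.scope' 4026532201 4026532199 \
    'system_u:system_r:svirt_lxc_net_t:s0:c12,c345'
  add_proc "$d" 300 '1:name=systemd:/system.slice/docker-bbbb.scope' 4026532301 4026532299 \
    'system_u:system_r:spc_t:s0'
  echo "$d"
}

root=$(make_sample)          # on a real host: check_layers /proc <container pid>
check_layers "$root" 200
check_layers "$root" 300 || echo "pid 300 is missing a layer"
rm -rf "$root"
```

On a live host, run it as root so that `/proc/<pid>/ns` and `/proc/<pid>/attr/current` are readable for other users' processes.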