English
« Back to projectatomic.io
Ask Your Question
0

RPMs and Selinux

asked 2014-12-22 16:03:22 +0000

jayunit100 gravatar image

How will project atomic be securing / managing interaction between selinux and other host RPMs with whats on atomic ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-12-22 16:35:16 +0000

sghosh gravatar image

The Atomic Host is a pre-built image - so the RPMs that are used to construct the image should have all the required SElinux policy coverage. The image is built with SELinux enabled and in enforcing mode.

Any containers that run on Atomic are constrained by the 3 layers - cgroups, namespaces, and sVirt.

Today - we don't have a capability to install additional host RPMs on the Atomic Host image. But it is a future roadmap item. Implementation of that feature will require that we are able to maintain the SELinux enforcing mode for Atomic Host.

edit flag offensive delete link more

Comments

makes sense, @sghosh , but how could you allow for installation of rpms without breaking the host/guest barrier ? thats the core of my question.

jayunit100 ( 2014-12-22 17:41:25 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Follow
1 follower

Stats

Asked: 2014-12-22 16:03:22 +0000

Seen: 109 times

Last updated: Dec 22 '14