« Back to projectatomic.io
Ask Your Question

RPMs and Selinux

asked 2014-12-22 16:03:22 +0000

jayunit100 gravatar image

How will project atomic be securing / managing interaction between selinux and other host RPMs with whats on atomic ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-12-22 16:35:16 +0000

sghosh gravatar image

The Atomic Host is a pre-built image - so the RPMs that are used to construct the image should have all the required SElinux policy coverage. The image is built with SELinux enabled and in enforcing mode.

Any containers that run on Atomic are constrained by the 3 layers - cgroups, namespaces, and sVirt.

Today - we don't have a capability to install additional host RPMs on the Atomic Host image. But it is a future roadmap item. Implementation of that feature will require that we are able to maintain the SELinux enforcing mode for Atomic Host.

edit flag offensive delete link more


makes sense, @sghosh , but how could you allow for installation of rpms without breaking the host/guest barrier ? thats the core of my question.

jayunit100 ( 2014-12-22 17:41:25 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

1 follower


Asked: 2014-12-22 16:03:22 +0000

Seen: 110 times

Last updated: Dec 22 '14