Hi everyone, I am interested in the security aspects of LXC. How can we use SELinux to secure LXC containers? Any information will be very helpful.
-- Regards, Shweta
On Tue, Jan 31, 2012 at 05:40:44PM +0530, Shweta Shinde wrote:
> Hi everyone, I am interested in the security aspects of LXC. How can we use SELinux to secure LXC containers? Any information will be very helpful.
I recently posted patches to libvirt, which extend the sVirt support from KVM, to also cover our LXC driver. This will ensure strict confinement of LXC containers using SELinux.
https://www.redhat.com/archives/libvir-list/2012-January/msg01006.html
Fedora 17 policy is being enhanced to support this at the same time.
NB, this only applies to the libvirt LXC userspace driver, which is completely separate from the LXC sf.net userspace.
Regards, Daniel
Hi Daniel, Thanks for the reply. I tried out LXC sf.net for creating containers.
According to the following link, RHEL 6.2 will support the LXC libvirt API. http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2...
It further says Linux Containers are just a Technology Preview. Will RHEL provide libvirt LXC integrated with its future releases?
And, if I want to work with containers long term using RHEL, will I need to shift to libvirt LXC?
As of now, from where can I download the libvirt LXC?
Thanks, Shweta
On 02/08/2012 05:27 AM, Shweta Shinde wrote:
> Hi Daniel, Thanks for the reply. I tried out LXC sf.net for creating containers.
> According to following link, RHEL 6.2 will support LXC libvirt API. http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.2...
> It further says, Linux Containers are just a Technology Preview. Will RHEL provide libvirt lxc integrated with its future releases?
We hope to.
> And, if I want to work with container for longterm using RHEL, will I need to shift to libvirt LXC?
Yes
> As of now, from where can I download the libvirt LXC.
That the other Daniel will need to answer...
> Thanks, Shweta
On Wed, Feb 08, 2012 at 09:12:14AM -0500, Daniel J Walsh wrote:
> > As of now, from where can I download the libvirt LXC.
> That the other Daniel will need to answer...
Any recent libvirt release includes LXC support as standard, so check your distro's repos, or go to http://libvirt.org
Daniel
On 01/31/2012 07:10 AM, Shweta Shinde wrote:
> Hi everyone, I am interested in the security aspects of LXC. How can we use SELinux to secure LXC containers? Any information will be very helpful.
> -- Regards, Shweta
We are hoping to have a feature in Fedora 17.
http://fedoraproject.org/wiki/Features/Securecontainers