Running Docker containers on a Linux machine/server with SELinux enabled? This tip from an external blog post is worth noting.
I’m currently researching the topic of --selinux-enabled in docker and what it is doing when set to TRUE.
From what I’m seeing, it simply will set context and labels to the services (docker daemon) when SELinux is enabled on the system and not using OverlayFS.
But I’m wondering if that is even correct, and if so, what else is happening when setting --selinux-enabled to TRUE.
--selinux-enabled on the docker daemon causes it to set SELinux labels on the containers. Docker reads the contexts file /etc/selinux/targeted/contexts/lxc_contexts for the default context to run containers.
# File output
cat /etc/selinux/targeted/contexts/lxc_contexts
process = "system_u:system_r:svirt_lxc_net_t:s0"
content = "system_u:object_r:virt_var_lib_t:s0"
file = "system_u:object_r:svirt_sandbox_file_t:s0"
sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
sandbox_lxc_process = "system_u:system_r:svirt_lxc_net_t:s0"
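As an added example (not from the original post or from Docker's own code), the following parses an lxc_contexts file like the one above and derives the per-container process and file labels that --selinux-enabled labelling produces: the same process and file types from the file, plus a pair of MCS categories that keeps one container's files out of another's reach. The file content is a constructed copy of the listing above, and the category pair is illustrative, since the daemon chooses it at container start.

```python
"""Parse lxc_contexts and derive per-container SELinux labels.

Added example. LXC_CONTEXTS is a constructed copy of the page's listing
(including its repeated sandbox_kvm_process line, which the parser must
tolerate); the MCS category pair passed in is illustrative.
"""
import re

LXC_CONTEXTS = '''\
process = "system_u:system_r:svirt_lxc_net_t:s0"
content = "system_u:object_r:virt_var_lib_t:s0"
file = "system_u:object_r:svirt_sandbox_file_t:s0"
sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
sandbox_lxc_process = "system_u:system_r:svirt_lxc_net_t:s0"
'''

# Each entry is: key = "user:role:type:level"
LINE_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')


def parse_lxc_contexts(text):
    """Return ({key: context}, [keys seen more than once]); last value wins."""
    contexts, duplicates = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        key, ctx = m.groups()
        if key in contexts and key not in duplicates:
            duplicates.append(key)
        contexts[key] = ctx
    return contexts, duplicates


def split_context(ctx):
    """Split 'user:role:type:level' into fields; the level may itself contain ':'."""
    user, role, type_, level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_, "level": level}


def container_labels(contexts, cat_a, cat_b):
    """Derive one container's process and file labels from the default contexts.

    The type stays the same for every container; only the MCS category pair
    differs, so a process in svirt_lxc_net_t:s0:c1,c2 cannot read files
    labelled svirt_sandbox_file_t:s0:c3,c4 that belong to another container.
    """
    if not (0 <= cat_a < cat_b <= 1023):
        raise ValueError("MCS categories must be distinct and within 0..1023")
    mcs = f"s0:c{cat_a},c{cat_b}"
    labels = {}
    for key in ("process", "file"):
        f = split_context(contexts[key])
        labels[key] = f"{f['user']}:{f['role']}:{f['type']}:{mcs}"
    return labels
```

Comparing the derived process label with the `ps -eZ` output for a running container's processes is a quick way to confirm the daemon is really applying labels rather than running containers unconfined.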
Read the complete article here.