Quoting David Kang (dk...@isi.edu):
>
> Hi,
>
> I'm trying to run an LXC container with SELinux enabled.
> When SELinux is permissive, there is no problem.
> I can ssh into the LXC container.
> However, when SELinux is enabled, ssh connection to the LXC instance cannot
> be made.
> Right after authentication, it closes the connection.
> Any ssh connection that was done before SELinux is enabled still works fine
> even after SELinux gets enabled.
> However, with SELinux enabled, no new ssh connection to the LXC container
> can be made.
> I believe it is related to sshd.
> Any idea how to fix it?

For now, I'd say add a selinux policy module to have /usr/bin/lxc-start
automatically enter a lxc_exec_t domain, and let that domain be unconfined.
The details of that are more suitable for a selinux mailing list.

Hopefully in a month or two I'll be able to send patches to support
per-container selinux domains and policies.

-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
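
One way to write the policy module suggested in the reply above, as an added example that is not from the original thread or from the LXC project. It assumes the SELinux reference-policy development macros are installed and that lxc-start is launched from unconfined_t; the module name lxc_local and the domain type lxc_t are hypothetical (the reply names only lxc_exec_t, used here as the label on the executable).

```selinux
# lxc_local.te (hypothetical module name)
policy_module(lxc_local, 1.0.0)

gen_require(`
	type unconfined_t;
	role unconfined_r;
')

# lxc_t is the process domain (assumed name); lxc_exec_t labels the
# /usr/bin/lxc-start binary and serves as the entry point into lxc_t.
# Both are declared here, so the module will not load on a system whose
# policy already defines either type.
type lxc_t;
type lxc_exec_t;
application_domain(lxc_t, lxc_exec_t)

# Allow the unconfined role to hold the new domain, otherwise the
# transition produces an invalid context and is refused.
role unconfined_r types lxc_t;

# Transition automatically when unconfined_t executes a file labelled
# lxc_exec_t.
domtrans_pattern(unconfined_t, lxc_exec_t, lxc_t)

# "Let that domain be unconfined": lxc_t gets the same broad allow rules
# as unconfined_t, so this labels the container runtime without
# restricting it.
unconfined_domain(lxc_t)

# Companion file lxc_local.fc, one line:
#   /usr/bin/lxc-start  --  gen_context(system_u:object_r:lxc_exec_t,s0)
#
# Build and load (the Makefile path is an assumption; it is where the
# selinux-policy-devel package puts it on Fedora/RHEL-style systems):
#   make -f /usr/share/selinux/devel/Makefile lxc_local.pp
#   semodule -i lxc_local.pp
#   restorecon -v /usr/bin/lxc-start
#
# Check after starting a container: `ps -eZ | grep lxc-start` should show
# the lxc_t domain. If ssh logins still fail, the AVC records from
# `ausearch -m avc -ts recent` name the source and target contexts that
# are being denied.
```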