Re: isolate selinux_enforcing

2017-03-09 Thread Casey Schaufler
On 3/9/2017 1:03 AM, yangshukui wrote: > I want to use SELinux in system container and only concern the function in > the container. > this system container run in vm and every vm has only one system container. > > How do I use now? > docker run ... system-contaier /sbin/init > after init is

Re: isolate selinux_enforcing

2017-03-09 Thread Stephen Smalley
On Thu, 2017-03-09 at 10:28 -0500, Stephen Smalley wrote: > On Thu, 2017-03-09 at 17:03 +0800, yangshukui wrote: > > > > I want to use SELinux in system container and only concern the > > function  > > in the container. > > this system container run in vm and every vm has only one system > >

Re: isolate selinux_enforcing

2017-03-09 Thread Stephen Smalley
On Thu, 2017-03-09 at 17:03 +0800, yangshukui wrote: > I want to use SELinux in system container and only concern the > function  > in the container. > this system container run in vm and every vm has only one system > container. > > How do I use now? > docker run ... system-contaier /sbin/init >

Re: [PATCH] Python 3.6 invalid escape sequence deprecation fixes

2017-03-09 Thread Petr Lautrbach
On 03/09/2017 10:09 AM, Ville Skyttä wrote: > https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior I'd suggest to add the text from the page directly to the commit message: A backslash-character pair that is not a valid escape sequence now generates a DeprecationWarning.

Re: Custom Process Label (SElinux)

2017-03-09 Thread cgzones
On 9 Mar 2017 2:25 pm, "Kashif ali" wrote: this is myapp.te file policy_module(myapp_service, 1.0.0) # # Declarations # attribute_role myapp_service_roles; roleattribute system_r myapp_service_roles; type myapp_service_t;

Re: Custom Process Label (SElinux)

2017-03-09 Thread Kashif ali
this is myapp.te file policy_module(myapp_service, 1.0.0) # # Declarations # attribute_role myapp_service_roles; roleattribute system_r myapp_service_roles; type myapp_service_t; type myapp_service_exec_t; application_domain(myapp_service_t,

[PATCH] Python 3.6 invalid escape sequence deprecation fixes

2017-03-09 Thread Ville Skyttä
https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior Signed-off-by: Ville Skyttä --- python/semanage/seobject.py| 4 ++-- python/sepolgen/src/sepolgen/module.py | 2 +- python/sepolicy/sepolicy/generate.py | 2 +- 3 files changed, 4

isolate selinux_enforcing

2017-03-09 Thread yangshukui
I want to use SELinux in system container and only concern the function in the container. This system container run in vm and every vm has only one system container. How do I use now? docker run ... system-contaier /sbin/init after init is running, the following service is also running: #this

Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()

2017-03-09 Thread David Miller
From: Alexander Potapenko Date: Mon, 6 Mar 2017 19:46:14 +0100 > KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of > uninitialized memory in selinux_socket_bind(): ... > (the line numbers are relative to 4.8-rc6, but the bug persists upstream) > > ,

Re: Custom Process Label (SElinux)

2017-03-09 Thread Kashif ali
Yes, I did. On Thu, Mar 9, 2017 at 3:20 PM, Russell Coker wrote: > On Thu, 9 Mar 2017 08:42:26 PM Kashif ali wrote: > > i have created a module for my custom service with seplogen command it > > has generated the policy module for my custom service and context for its > >

Re: Custom Process Label (SElinux)

2017-03-09 Thread Russell Coker
On Thu, 9 Mar 2017 08:42:26 PM Kashif ali wrote: > i have created a module for my custom service with seplogen command it > has generated the policy module for my custom service and context for its > /usr/bin/mycustomeservicedaemon which is custom_service_exec_t when i run > my service it

Re: Custom Process Label (SElinux)

2017-03-09 Thread Thomas
Please provide your te and fc files of this policy. - Thomas On 9 March 2017 10:42:26 CET, Kashif ali wrote: >Hi, > i have created a module for my custom service with seplogen command it >has generated the policy module for my custom service and context for >its

Custom Process Label (SElinux)

2017-03-09 Thread Kashif ali
Hi, I have created a module for my custom service with seplogen command. It has generated the policy module for my custom service and context for its /usr/bin/mycustomeservicedaemon, which is custom_service_exec_t. When I run my service it doesn't get the label of custom_service_t, whereas it has