On 01/30/2018 03:37 PM, Stephen Smalley wrote:
> On Fri, 2018-01-26 at 15:32 +0100, peter.enderb...@sony.com wrote:
> goto err;
>
> - rc = security_preserve_bools(newpolicydb);
> + rc = security_preserve_bools(_rcu->policydb);
> if (rc) {
> printk(KERN_ERR "SELinux:
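
Review bot: in the security_preserve_bools() call, the argument changes from newpolicydb to _rcu->policydb while nothing in this hunk changes the callee, so both expressions must have the same type. If policydb is an embedded struct rather than a pointer member, the new argument needs an address-of operator; confirm this against the structure definition before the `if (rc)` error path is relied on.
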
Hello,
I am attempting to run Docker on CentOS 7.4 with SELinux and kernel
namespaces enabled. When I do so I observe an error that leads me to
an issue filed in GitHub and a kernel patch that suggests that the
cause should be fixed in kernel 4.11+. Yet I cannot run Docker
containers in this
On Wed, Feb 7, 2018 at 12:48 PM, Stephen Smalley wrote:
> On Tue, 2018-02-06 at 17:18 -0500, Paul Moore wrote:
...
>> While I don't think we need to tackle this as part of the
>> encapsulation work, this is another reminder that we should look into
>> breaking the separation
On Tue, 2018-02-06 at 17:18 -0500, Paul Moore wrote:
> On Mon, Oct 2, 2017 at 11:58 AM, Stephen Smalley
> wrote:
> > Define a selinux namespace structure (struct selinux_ns)
> > for SELinux state and pass it explicitly to all security server
> > functions. The public portion
On Tue, Feb 6, 2018 at 5:18 PM, Paul Moore wrote:
> On Mon, Oct 2, 2017 at 11:58 AM, Stephen Smalley wrote:
>> Define a selinux namespace structure (struct selinux_ns)
>> for SELinux state and pass it explicitly to all security server
>> functions. The