On Thu, 05.06.14 15:05, Jan Synacek ([email protected]) wrote:

> Is there a way to get it working? I'm using systemd-nspawn to start
> a Fedora Rawhide container.
>
> # systemd-nspawn -bD /srv/rawhide
> ...
> <now inside the container>
>
> # getenforce
> Disabled

SELinux is not virtualized, there's only one SELinux policy available in the kernel, and there's no concept of per-container policies. You can only use SELinux on the host, and each container should really run under a single label.

(On the lower level: /sys/fs/selinux is mounted read-only for the containers, which is an indication to libselinux in the container to claim that SELinux is disabled.)

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
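
The low-level detail in the reply above can be checked from inside a container by looking at how selinuxfs is mounted. The following is an added example, not part of the original message or of systemd; the function names and the two sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# selinuxfs_state: read a mount table in /proc/self/mounts format on stdin
# ("device mountpoint fstype options dump pass") and print how selinuxfs is
# mounted at /sys/fs/selinux: absent | read-only | read-write.
# "read-only" is the case described in the reply: libselinux inside the
# container then reports SELinux as disabled.
selinuxfs_state() {
    state=absent
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = selinuxfs ] || continue
        [ "$mnt" = /sys/fs/selinux ] || continue
        # A later entry on the same mount point shadows an earlier one,
        # so the last match wins.
        case ",$opts," in
            *,ro,*) state=read-only ;;
            *)      state=read-write ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample: mount table as it might look on the host.
sample_host() {
    cat <<'EOF'
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
EOF
}

# Constructed sample: mount table as it might look inside the container.
sample_container() {
    cat <<'EOF'
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs ro,relatime 0 0
EOF
}

echo "host sample:      $(sample_host | selinuxfs_state)"
echo "container sample: $(sample_container | selinuxfs_state)"
```

On a live system, run `selinuxfs_state < /proc/self/mounts` inside and outside the container and compare the two results.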
