jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,052 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

3 Commits

Author SHA1 Message Date
Aleksa Sarai 9aef504415
vendor: update github.com/opencontainers/selinux 
This is a bump to v1.3.0, plus the necessary CVE-2019-16884 mitigation.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2019-09-30 00:36:59 +10:00
Daniel J Walsh cd96170c10
Need to setup labeling of kernel keyrings. 
Work is ongoing in the kernel to support different kernel
keyrings per user namespace.  We want to allow SELinux to manage
kernel keyrings inside of the container.

Currently when runc creates the kernel keyring it gets the label which runc is
running with ususally `container_runtime_t`, with this change the kernel keyring
will be labeled with the container process label container_t:s0:C1,c2.

Container running as container_t:s0:c1,c2 can manage keyrings with the same label.

This change required a revendoring or the SELinux go bindings.

github.com/opencontainers/selinux.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2019-03-13 17:57:30 -04:00
Qiang Huang 5e7b48f7c0 Use opencontainers/selinux package 
It's splitted as a separate project.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2017-03-23 08:21:19 +08:00