While we know this is by no means complete it at least stops users from
doing a common ignorant action.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
We need the ability when using --ipc container:ID to match the SELinux label of the
container that the new container is sharing a label with.
Also add the ability to get the option to disable SELinux labeling for a container.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This will allow us to do the following with docker.
Customize the way that a labeling system like SELinux will run on a container.
--label-opt="user:USER" : Set the label user for the container
--label-opt="role:ROLE" : Set the label role for the container
--label-opt="type:TYPE" : Set the label type for the container
--label-opt="level:LEVEL" : Set the label level for the container
--label-opt="disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Deprecated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Dan Walsh