6932807107
We need support for read/only mounts in SELinux to allow a bunch of containers to share the same read/only image. In order to do this we need a new label which allows container processes to read/execute all files but not write them. Existing mount label is either shared write or private write. This label is shared read/execute. Signed-off-by: Dan Walsh <dwalsh@redhat.com> |
||
|---|---|---|
| .. | ||
| label.go | ||
| label_selinux.go | ||
| label_selinux_test.go | ||