6932807107
We need support for read/only mounts in SELinux to allow a bunch of containers to share the same read/only image. In order to do this we need a new label which allows container processes to read/execute all files but not write them. Existing mount label is either shared write or private write. This label is shared read/execute.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
selinux.go
selinux_test.go