mirror of
https://github.com/docker/docs.git
synced 2026-03-30 07:48:52 +07:00
73617e5e18
Since these will be shared between containers we want to label them as svirt_sandbox_file_t:s0. That will allow multiple containers to write to them. Currently we are allowing container domains to read/write all content in /var/lib/docker because of container volumes. This is a big security hole in our SELinux story. This patch will allow us to tighten up the security of docker containers. Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)