Switch to "mcs" SELinux policy
We're going to want the ability for processes to have unique categories, to enforce separation of container processes. Gentoo's SELinux policy supports both Multi-Category Security and Multi-Level Security modes, although the latter does not seem to work out of the box.
This commit is contained in:
@@ -100,10 +100,10 @@ setfiles \
|
||||
-F \
|
||||
-m \
|
||||
-r /mnt/gentoo \
|
||||
-c /mnt/gentoo/etc/selinux/strict/policy/policy.* \
|
||||
-c /mnt/gentoo/etc/selinux/mcs/policy/policy.* \
|
||||
-e /mnt/gentoo/var/db/pkg \
|
||||
-e /mnt/gentoo/etc/portage \
|
||||
/mnt/gentoo/etc/selinux/strict/contexts/files/file_contexts \
|
||||
/mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
|
||||
/mnt/gentoo
|
||||
|
||||
touch /mnt/gentoo/usr
|
||||
|
||||
Reference in New Issue
Block a user