OpenVZ Forum: Support » Why is SELinux incompatible with OpenVZ?

Home » General » Support » Why is SELinux incompatible with OpenVZ? (Specifically what makes OpenVZ incompatible with SELinux?)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: Why is SELinux incompatible with OpenVZ? [message #41372 is a reply to message #41363]

Tue, 11 January 2011 21:26

thewanderer
Messages: 1
Registered: August 2010

Junior Member

OpenVZ introduces many hacks to the kernel. If you read the code, you'll know what this is about.
However, Linux Containers are compatible with SELinux. I'd suggest trying that - you do not have to use OpenVZ for separation when you secure LXC with SELinux (as described in an IBM tutorial: search the web for "secure linux containers cookbook"), and you make it available for the host as well.
I would not recommend running LXC without SELinux-secured containers, though - it's too easy to break out with CAP_SYS_ADMIN and init seems to need it on most distros.

Report message to a moderator

[Message index]

		Why is SELinux incompatible with OpenVZ? By: cwebster on Sun, 09 January 2011 20:27
		Re: Why is SELinux incompatible with OpenVZ? By: thewanderer on Tue, 11 January 2011 21:26
		Re: Why is SELinux incompatible with OpenVZ? By: cwebster on Wed, 12 January 2011 16:48

Previous Topic:	Container on encfs (fuse) dosn't work
Next Topic:	VE suddenly doesn't start anymore

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Aug 10 11:14:29 GMT 2024

Total time taken to generate the page: 0.02672 seconds