
Monday, November 2, 2015

Real-world Docker Series: Using SELinux with Docker

Docker can run safely and easily alongside SELinux. To make sure you're set up for SELinux support, check the following:
'getenforce' - Are you enforcing, permissive, or disabled? You should be enforcing. If not, run 'setenforce 1'.
'yum list installed docker-selinux*' - If nothing is returned, you're missing the SELinux components and need to install them. Run 'yum install -y docker-selinux' to resolve this.
'cat /etc/sysconfig/docker | grep OPTIONS' - You should see 'OPTIONS='--selinux-enabled''. If not, make the change and restart the Docker daemon: 'systemctl restart docker'.
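
The three checks above can be combined into one read-only audit. The script below is an added example, not part of the original post. Its function names are hypothetical, it uses 'rpm -q' as an equivalent package query, and it assumes the last uncommented OPTIONS= line is the effective one.

```sh
#!/bin/sh
# Added example: read-only audit of the three checks listed above.
# The file path and package name are the ones the article uses.

# Succeeds only if an uncommented OPTIONS= line turns SELinux support on.
# 'grep OPTIONS' alone also matches commented-out lines and
# '--selinux-enabled=false', so both cases are rejected here.
options_enable_selinux() {
    [ -r "$1" ] || return 2
    # Assumption: the last uncommented assignment is the effective one.
    opt_line=$(grep -E '^[[:space:]]*OPTIONS=' "$1" | tail -n 1)
    case "$opt_line" in
        *--selinux-enabled=true*) return 0 ;;
        *--selinux-enabled=*)     return 1 ;;  # explicit non-true value
        *--selinux-enabled*)      return 0 ;;
        *)                        return 1 ;;
    esac
}

# Succeeds only for Enforcing; Permissive logs denials without blocking them.
mode_is_enforcing() {
    [ "$1" = "Enforcing" ]
}

# Run all three checks, print one line per finding, return the failure count.
# Arguments default to the live system; pass values to test the logic offline.
#   $1 getenforce output   $2 config file   $3 package present: yes|no
audit_docker_selinux() {
    a_mode=${1:-$(getenforce 2>/dev/null || echo Unknown)}
    a_file=${2:-/etc/sysconfig/docker}
    a_pkg=${3:-$(rpm -q docker-selinux >/dev/null 2>&1 && echo yes || echo no)}
    a_fail=0
    if mode_is_enforcing "$a_mode"; then echo "OK   mode: $a_mode"
    else echo "FAIL mode: $a_mode (expected Enforcing)"; a_fail=$((a_fail + 1)); fi
    if [ "$a_pkg" = yes ]; then echo "OK   docker-selinux installed"
    else echo "FAIL docker-selinux not installed"; a_fail=$((a_fail + 1)); fi
    if options_enable_selinux "$a_file"; then echo "OK   $a_file enables SELinux"
    else echo "FAIL $a_file: no active --selinux-enabled"; a_fail=$((a_fail + 1)); fi
    return "$a_fail"
}

# Run against the live host only when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_docker_selinux; fi
```

The script changes nothing on the host; the exit status of 'audit_docker_selinux' is the number of failed checks.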

Docker works auto-magically with SELinux to enhance your system's security. The only thing you need to do to work with it properly is understand the switches involved in bind mounting storage. If you haven't already, visit the Bind Mounting Storage & Ports and Working with NFS mounts articles to understand the caveats with SELinux and Docker storage.
