2a0b4ab45f
Since these will be shared between containers we want to label them as svirt_sandbox_file_t:s0. That will allow multiple containers to write to them. Currently we are allowing container domains to read/write all content in /var/lib/docker because of container volumes. This is a big security hole in our SELinux story. This patch will allow us to tighten up the security of docker containers. Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan) Upstream-commit: 73617e5e18159e5f791d2860c7857cd5dea31be4 Component: engine