dangerzone/dangerzone/isolation_provider
Alex Pyrgiotis e1e63d14f8
container: Set container_engine_t SELinux label
Set the `container_engine_t` SELinux label on the **outer** Podman container,
so that gVisor does not break on systems where SELinux is enforcing.
This label is provided for container engines running within a container,
which fits our `runsc` within `crun` situation.

We have considered using the more permissive `label=disable` option, to
disable SELinux labels altogether, but we want to take advantage of as
many SELinux protections as we can, even for the **outer** container.

Fixes #880
2024-07-26 16:34:19 +03:00
__init__.py Split isolation providers into their own .py files 2023-01-25 14:19:05 +00:00
base.py chore: minor linting 2024-06-05 14:19:31 +02:00
container.py container: Set container_engine_t SELinux label 2024-07-26 16:34:19 +03:00
dummy.py chore(imports): remove useless imports 2024-06-05 14:19:30 +02:00
qubes.py chore: minor linting 2024-06-05 14:19:31 +02:00