Quoting Dwight Engen (dwight.en...@oracle.com):
> Currently, a maximum of one LSM within LXC will be initialized and
> used. If in the future stacked LSMs become a reality, we can support it
> without changing the configuration syntax and add support for more than
> a single LSM at a time to the lsm code.
>
> Generic LXC code should note that lsm_process_label_set() will take
> effect "now" for AppArmor, and upon exec() for SELinux.

Ah, that's right, lxc-attach doesn't always exec a new task, right? So
that's where the selinux behavior may be a problem.

-serge

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel