This is my Docker and OS version:
[rancher@ip-xxxxxxxxx ~]$ sudo docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 23:26:11 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 23:26:11 2016
OS/Arch: linux/amd64
[rancher@ip-xxxxxxxxx ~]$ sudo ros os version
v0.7.1
What exactly do I need to do, please?
Upgrade versions? Do I need to install SELinux, or is it installed by default?
Any tutorial, video, document …?
If you ros os upgrade, it should upgrade your system to boot with v0.8.1 (and in a few days v0.9.0), which comes with a 4.9.12 kernel with SELinux built in.
ros engine switch docker-1.13.0 will change your Docker engine to 1.13.1 - in both cases, there’s a ros <component> list command that will give you a list of options.
I am back. I have a concern: when I run SELinux with system-docker ros selinux, the Docker instance starts and I find myself in a special root shell session (getenforce works – disabled).
When I exit this special session, the selinux container stops.
When I start a new shell session and execute getenforce (or sudo getenforce), the result is: command not found (the selinux container still works).
I created a script to start selinux automatically (a script under /opt/rancher/bin to start the selinux container at boot).
But getenforce and setenforce don’t work.
Hi,
I did all these but no news:
[rancher@rancher ~]$ cat /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=ros
and
sudo ros config set rancher.docker.selinux_enabled true.
reboot
When I test
[rancher@rancher ~]$ sudo system-docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5bf99b61d068 rancher/os-console:v0.8.1 "/usr/bin/ros entrypo" 4 hours ago Up 4 hours console
3d693d5ed798 rancher/os-docker:1.12.6 "ros user-docker" 8 hours ago Up 4 hours docker
4f50f0c0fae2 rancher/os-base:v0.8.1 "/usr/bin/ros entrypo" 8 hours ago Up 4 hours ntp
5a6e85bfeeec rancher/os-base:v0.8.1 "/usr/bin/ros entrypo" 8 hours ago Up 4 hours network
cd2755f0d9a4 rancher/os-base:v0.8.1 "/usr/bin/ros entrypo" 8 hours ago Up 4 hours udev
70c1f051c981 rancher/os-acpid:v0.8.1 "/usr/bin/ros entrypo" 8 hours ago Up 4 hours acpid
5ac254b678bb rancher/os-base:v0.8.1 "/usr/bin/ros entrypo" 8 hours ago Up 4 hours syslog
My need is to test some security features on RancherOS.
E.g.: userA runs one or more Docker containers and userB will make some changes.
In the case where userB mounts the same volume (used by containers from userA), userB can always change files as he wants. With SELinux I can prevent this.
But now, do you have any idea?
Thank you for helping.
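Added example (not part of the thread and not RancherOS code): when getenforce is not on the PATH, as in the console described above, the configured mode can be read from /etc/selinux/config and the mode the kernel is actually running from selinuxfs, and the two compared. The function names and the ROOT argument are assumptions for illustration, and the script assumes selinuxfs is mounted at /sys/fs/selinux in the namespace where it runs.

```shell
#!/bin/sh
# Added example: report SELinux state without getenforce.
# ROOT is a hypothetical prefix so the check can also run against a test tree;
# pass nothing to inspect the running system.

# Print the value of KEY from ROOT/etc/selinux/config, or "unset".
selinux_config_value() {
    root=$1
    key=$2
    cfg="$root/etc/selinux/config"
    [ -r "$cfg" ] || { echo "unset"; return 0; }
    # Anchoring on "KEY=" keeps SELINUX from matching SELINUXTYPE.
    val=$(sed -n "s/^[[:space:]]*$key=\([^[:space:]#]*\).*/\1/p" "$cfg" | tail -n 1)
    echo "${val:-unset}"
}

# Print the runtime mode the kernel reports: enforcing, permissive or disabled.
selinux_runtime_mode() {
    root=$1
    enforce="$root/sys/fs/selinux/enforce"
    # No readable selinuxfs here means SELinux is not active in this namespace.
    [ -r "$enforce" ] || { echo "disabled"; return 0; }
    case "$(cat "$enforce")" in
        1) echo "enforcing" ;;
        0) echo "permissive" ;;
        *) echo "unknown" ;;
    esac
}

# Print one summary line; return non-zero when config and runtime disagree,
# e.g. SELINUX=enforcing in the file while the kernel reports disabled.
selinux_check() {
    root=${1:-}
    want=$(selinux_config_value "$root" SELINUX)
    ptype=$(selinux_config_value "$root" SELINUXTYPE)
    have=$(selinux_runtime_mode "$root")
    echo "configured=$want type=$ptype runtime=$have"
    [ "$want" = "$have" ]
}
```

Calling selinux_check with no argument inspects the running system; a non-zero exit status means the setting in the config file has not taken effect at runtime.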