I am trying to install SELinux inside of a Docker container in order to distribute an application that uses SELinux internally.

The default CentOS image does not have SELinux installed:

$ docker run -it centos:latest /bin/bash
[root@38ae5a98273d /]# sestatus
bash: sestatus: command not found

After I install it from yum, SELinux is not enabled yet.

[root@38ae5a98273d /]# yum install policycoreutils selinux-policy-targeted
...
[root@38ae5a98273d /]# sestatus
SELinux status:                 disabled

All the documentation I've found says that you need to issue a system reboot in order to install it. However, I am not aware of a method to simulate a system reboot inside a Docker container.

How does one go about installing and enabling SELinux inside of a container?

sffc

1 Answer

SELinux is not namespaced, so individual containers cannot have their own separate SELinux policies. SELinux will always appear to be "disabled" in a container, though it is running on the host.

If your application requires SELinux, you cannot use it inside Docker. You will need to use a regular virtual machine.

Michael Hampton
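A way to see the answer's point from inside the container, as an added example that is not part of the question or the answer above: `sestatus` reports "disabled" because libselinux looks for a mounted selinuxfs, which the container does not get, yet the host kernel still labels the container's processes, and that label is readable from `/proc/self/attr/current`. The script below reads that file (or a fixture path passed as its first argument), strips the trailing NUL the kernel appends, and classifies what it finds. The type names `container_t` and `svirt_lxc_net_t` are the labels Docker's SELinux integration has used for confined containers; the classification strings are this example's own, and it assumes a POSIX shell with `tr` and `grep`.

```shell
#!/bin/sh
# Added example: show what the host's SELinux does to a container even
# though sestatus inside the container says "disabled".

# Print the SELinux label of the current process (or of the file given as
# $1, so the logic can be exercised with constructed fixtures). The kernel
# terminates the value with a NUL byte, which tr removes. If the file cannot
# be read at all (no LSM exposes it), print "unavailable".
selinux_label() {
    attr_file="${1:-/proc/self/attr/current}"
    label=$( { tr -d '\000' < "$attr_file"; } 2>/dev/null ) || label=""
    if [ -n "$label" ]; then
        printf '%s\n' "$label"
    else
        printf 'unavailable\n'
    fi
}

# Interpret a label. A full SELinux context has the form user:role:type:level,
# so anything with three or more colons came from an SELinux-enabled host.
# The container types are the ones Docker uses for confined containers
# (container_t on current systems, svirt_lxc_net_t on older ones).
classify_label() {
    case "$1" in
        unavailable)                          echo "no-lsm-label-visible" ;;
        *:container_t:*|*:svirt_lxc_net_t:*)  echo "confined-by-host-selinux" ;;
        *:*:*:*)                              echo "labeled-by-host-selinux" ;;
        *)                                    echo "non-selinux-label" ;;
    esac
}

# Human-readable summary: the process label plus whether selinuxfs is
# mounted here (it normally is not inside a container, hence "disabled").
report() {
    label=$(selinux_label "$1")
    echo "process label : $label"
    echo "meaning       : $(classify_label "$label")"
    if grep -qs ' selinuxfs ' /proc/mounts; then
        echo "selinuxfs     : mounted (libselinux will report the host state)"
    else
        echo "selinuxfs     : not mounted (sestatus reports disabled here)"
    fi
}

report "$@"
```

Run it as `docker run --rm -v ./check.sh:/check.sh:ro centos:latest sh /check.sh` on an enforcing host and the label line shows a `container_t` context with the container's MCS categories; on a host without SELinux it shows "unavailable" or an AppArmor-style profile name. Either way the classification comes from the host, which is the practical consequence of SELinux not being namespaced: a policy the application ships cannot be loaded or enforced from within the container.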