[Lxc-users] LXC on RHEL/CenOS 5.5 Host?
Serge E. Hallyn
serge.hallyn at canonical.com
Fri Jan 14 20:27:41 UTC 2011
Quoting Cal Webster (cwebster at ec.rr.com):
> On Fri, 2011-01-14 at 11:59 -0600, Serge E. Hallyn wrote:
> > Quoting Cal Webster (cwebster at ec.rr.com):
> > > I've looked at OpenVZ but it apparently cannot coexist with SELinux,
> >
> > Do you know why? Do you have any references for this?
>
> None of the OpenVZ forum members could cite any references or explain
> this. None of the on-line documentation goes into detail. The only
> references to SELinux I could find said the SELinux _must_ be disabled
> before bringing up the OpenVZ kernel, which is compliled without SELinux
> support.
>
> The only forum member that answered my post just said that "OpenVZ
> introduces many hacks to the kernel. If you read the code, you'll know
> what this is about." That's when he suggested I look at LXC. Before I
> spent the time to read through their kernel hacks I decided to see what
> LXC offered. That's when I discovered the problem with available kernel
> versions.
Hmm - well selinux isn't magic - it does need its hooks to be in the
right places, so if openvz is providing ways around the hooks, then
yeah it might "work" but not actually be enforcing anything effectively.
So, not having looked at the openvz patch myself recently, I guess I'd
take their word for it :)
-serge
More information about the lxc-users
mailing list