Docker Cookbook

You're reading from Docker Cookbook: Over 100 practical and insightful recipes to build distributed applications with Docker

Product type Paperback
Published in Aug 2018
Publisher
ISBN-13 9781788626866
Length 352 pages
Edition 2nd Edition
Authors (3):
  • Neependra K Khare
  • Ken Cochrane
  • Jeeva S. Chelladhurai
Table of Contents (13 chapters)

Preface
1. Introduction and Installation
2. Working with Docker Containers
3. Working with Docker Images
4. Network and Data Management for Containers
5. Docker Use Cases
6. Docker APIs and SDKs
7. Docker Performance
8. Docker Orchestration and Hosting a Platform
9. Docker Security
10. Getting Help and Tips and Tricks
11. Docker on the Cloud
12. Other Books You May Enjoy

Setting Mandatory Access Control (MAC) with SELinux

It is recommended that you set up some form of MAC on the Docker host, either through SELinux or AppArmor, depending on the Linux distribution. In this recipe, we'll see how to set up SELinux on a Fedora/RHEL/CentOS installed system. Let's first look at what SELinux is:

  • SELinux is a labeling system
  • Every process has a label
  • Every file, directory, and system object has a label
  • Policy rules control access between labeled processes and labeled objects
  • The kernel enforces the rules

With Docker containers, we use two types of SELinux enforcement:

  • Type enforcement: This is used to protect the host system from container processes. Each container process is labeled svirt_lxc_net_t, and each container file is labeled svirt_sandbox_file_t. The svirt_lxc_net_t type is allowed to manage any content labeled with svirt_sandbox_file_t...
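
The labeling and type-enforcement idea above, as an added example that is not from the book: a toy decision function that parses SELinux context strings and applies default-deny allow rules keyed on the process type and object type. The sample labels, the operation names and the `etc_t` host file are constructed for illustration; real policy is compiled and enforced by the kernel, not by code like this.

```python
from typing import NamedTuple


class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str


def parse_context(label: str) -> Context:
    """Split 'user:role:type:level'; the level field may contain colons."""
    parts = label.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed SELinux context: {label!r}")
    return Context(*parts)


# Constructed allow table for this toy model: (process type, object type) ->
# operations. Only the svirt_* pairing is taken from the recipe text.
ALLOW = {
    ("svirt_lxc_net_t", "svirt_sandbox_file_t"): {"read", "write", "create", "unlink"},
}

# Constructed sample labels, in the format printed by `ps -Z` and `ls -Z`.
CONTAINER_PROC = "system_u:system_r:svirt_lxc_net_t:s0:c12,c34"
CONTAINER_FILE = "system_u:object_r:svirt_sandbox_file_t:s0:c12,c34"
HOST_FILE = "system_u:object_r:etc_t:s0"


def is_allowed(proc_label: str, obj_label: str, op: str) -> bool:
    """Default deny: access needs an allow rule for the two types.
    The toy model ignores the user, role and level fields."""
    proc, obj = parse_context(proc_label), parse_context(obj_label)
    return op in ALLOW.get((proc.type, obj.type), set())


def decisions() -> dict:
    """Evaluate the container process against a container file and a host file."""
    return {
        "container file, write": is_allowed(CONTAINER_PROC, CONTAINER_FILE, "write"),
        "host file, read": is_allowed(CONTAINER_PROC, HOST_FILE, "read"),
        "host file, write": is_allowed(CONTAINER_PROC, HOST_FILE, "write"),
    }


if __name__ == "__main__":
    for access, ok in decisions().items():
        print(f"{access}: {'allowed' if ok else 'denied'}")
```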