Signed-off-by: Victor Vieux <vieux@docker.com>
| ... | ... |
@@ -393,8 +393,8 @@ changes will also be reflected on the host in /var/db. |
| 393 | 393 |
|
| 394 | 394 |
## Using alternative security labeling |
| 395 | 395 |
|
| 396 |
-If you want to use the same label for multiple containers you can override use |
|
| 397 |
-the security-opt flag to select an MCS level. This is a common practive for MLS |
|
| 396 |
+If you want to use the same label for multiple containers, you can override use |
|
| 397 |
+the security-opt flag to select an MCS level. This is a common practice for MLS |
|
| 398 | 398 |
systems. But it also might help in cases where you want to share the same |
| 399 | 399 |
content between containers. Run the following command. |
| 400 | 400 |
|
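Review bot: The reworded sentence at new lines 396-397 still reads "you can override use the security-opt flag", which is ungrammatical; the change adds the comma and fixes "practive" but leaves the doubled verb in place. Suggest "you can use the security-opt flag to select an MCS level". The context line "Run the following command." would also read better ending in a colon, since a command is expected to follow it.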
| ... | ... |
@@ -231,23 +231,23 @@ the container exits**, you can add the `--rm` flag: |
| 231 | 231 |
--security-opt="label:type:TYPE" : Set the label type for the container |
| 232 | 232 |
--security-opt="label:level:LEVEL" : Set the label level for the container |
| 233 | 233 |
--security-opt="label:disable" : Turn off label confinement for the container |
| 234 |
+ --secutity-opt="apparmor:PROFILE" : Set the apparmor profile to be applied |
|
| 235 |
+ to the container |
|
| 234 | 236 |
|
| 235 |
-If you want to use the same label for multiple containers you can override use |
|
| 236 |
-the security-opt flag to select an MCS level. This is a common practive for MLS |
|
| 237 |
+If you want to use the same label for multiple containers, you can override use |
|
| 238 |
+the security-opt flag to select an MCS level. This is a common practice for MLS |
|
| 237 | 239 |
systems. But it also might help in cases where you want to share the same |
| 238 | 240 |
content between containers. Run the following command. |
| 239 | 241 |
|
| 240 | 242 |
# docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash |
| 241 | 243 |
|
| 242 |
-Run the follwing command if you want to disable the labeling controls for just |
|
| 244 |
+Run the following command if you want to disable the labeling controls for just |
|
| 243 | 245 |
this container. |
| 244 | 246 |
|
| 245 | 247 |
# docker run --security-opt label:disable -i -t fedora bash |
| 246 | 248 |
|
| 247 |
-If you decide you would like to work with a tighter policy on your container. |
|
| 248 |
-For example if you want to run a container that could only listen on apache |
|
| 249 |
-ports, and not connect to the network. You could select an alternate type to |
|
| 250 |
-run the container execute the following command. |
|
| 249 |
+Run the following command if you want to run a container that could only listen |
|
| 250 |
+on apache ports. |
|
| 251 | 251 |
|
| 252 | 252 |
# docker run --security-opt label:type:svirt_apache_t -i -t fedora bash |
| 253 | 253 |
|
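Review bot: The added option line at new line 234 spells the flag `--secutity-opt="apparmor:PROFILE"`; it should be `--security-opt`, matching the three label lines directly above it, since a reader copying the line as written would pass a misspelled flag. The rewritten paragraph at new lines 249-250 also drops "and not connect to the network" from the old text, so the description of what `label:type:svirt_apache_t` restricts is now narrower than before; if that restriction still applies, keep it in the sentence. The new apparmor option is listed but, unlike the label options, has no example command in this section, and "you can override use" at new lines 237-238 still has the doubled verb.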