I recently answered an email asking about --selinux-enabled in the docker daemon. I thought others might wonder about this, so I wrote this blog.
I’m currently researching the topic of --selinux-enabled in docker and what it is doing when set to TRUE.
From what I’m seeing, it simply will set context and labels to the services (docker daemon) when SELinux is enabled on the system and not using OverlayFS.
But I’m wondering if that is even correct, and if so, what else is happening when setting
--selinux-enabled on the docker daemon causes it to set SELinux labels on the containers. Docker reads the contexts file /etc/selinux/targeted/contexts/lxc_contexts for the default context to run containers.
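To see which defaults a host would hand to containers, the contexts file can be parsed directly. The following is an added example, not Docker's own code: the sample file content is constructed, the function names are hypothetical, and with_level goes one step beyond the sentence above by showing a default context with a different level attached.

```python
import re

# Constructed sample in the lxc_contexts format (not copied from a real host).
SAMPLE_LXC_CONTEXTS = '''\
# comment lines and blank lines are skipped
process = "system_u:system_r:container_t:s0"
file = "system_u:object_r:container_file_t:s0"
ro_file="system_u:object_r:container_ro_file_t:s0"
'''

_LINE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"]*)"?\s*$')

def parse_lxc_contexts(text):
    """Return {key: context} for each `key = "context"` line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            entries[m.group(1)] = m.group(2).strip()
    return entries

def split_context(context):
    """Split user:role:type:level; the level may itself contain ':' (s0:c1,c2)."""
    parts = context.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"not a full SELinux context: {context!r}")
    return dict(zip(("user", "role", "type", "level"), parts))

def with_level(context, level):
    """Same context with its level replaced, e.g. by an MCS category pair."""
    c = split_context(context)
    return ":".join((c["user"], c["role"], c["type"], level))

def default_labels(text):
    """Default (process, file) contexts that containers start from."""
    e = parse_lxc_contexts(text)
    for key in ("process", "file"):
        if key not in e:
            raise KeyError(f"lxc_contexts has no {key!r} entry")
        split_context(e[key])  # reject malformed entries early
    return e["process"], e["file"]

if __name__ == "__main__":
    proc, fil = default_labels(SAMPLE_LXC_CONTEXTS)
    print("process:", proc, "\nfile:   ", fil)
    print("with a per-container level:", with_level(proc, "s0:c1,c2"))
```

On a real host, pass the contents of /etc/selinux/targeted/contexts/lxc_contexts to default_labels instead of the sample string.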