How should I configure SELinux when running nginx inside Docker?
Assuming of course that you're using an SELinux-enabled Docker (RHEL/CentOS 7 and Fedora), then you shouldn't need to do anything aside from making sure that SELinux is enabled and enforcing on the host machine.
The containers created with Docker or virsh are automatically assigned an SELinux context specified in the SELinux policy.
You may want to check the security context that your container's processes run under. To do so, add the -Z option to ps. For example:
LABEL PID TTY STAT TIME COMMAND
system_u:system_r:virtd_lxc_t:s0:c5,c342 26351 ? Ss 0:00 /sbin/init
system_u:system_r:virtd_lxc_t:s0:c5,c342 26458 ? Ss 0:00 /usr/sbin/sshd -D
Note that SELinux itself is not namespaced, so you can't have separate SELinux policies within containers, as if they were independent OS installations.
This also doesn't appear to be as well-developed (yet) as SELinux for containers managed by libvirt. But in general it shouldn't be something you need to worry much about.