How should I configure SELinux when running nginx inside Docker

security docker nginx selinux

Assuming of course that you're using an SELinux-enabled Docker (RHEL/CentOS 7 and Fedora) then you shouldn't need to do anything aside from make sure that SELinux is enabled and enforcing on the host machine.

The containers created with Docker or virsh are automatically assigned with an SELinux context specified in the SELinux policy.

You may want to check the security context that your container's processes run under. To do so, add the -Z option to ps. For example:

LABEL                             PID TTY      STAT   TIME COMMAND
system_u:system_r:virtd_lxc_t:s0:c5,c342 26351 ? Ss   0:00 /sbin/init
system_u:system_r:virtd_lxc_t:s0:c5,c342 26458 ? Ss   0:00 /usr/sbin/sshd -D

Note that SELinux itself is not namespaced, so you can't have separate SELinux policies within containers, as if they were independent OS installations.

This also doesn't appear to be as well-developed (yet) as SELinux for containers managed by libvirt. But in general it shouldn't be something you need to worry much about.

Related

Why Supervisor's http server won't wok?
Is it possible to configure IIS to redirect based on the SSL cipher suite used for the connection?
Does rails 4 asset_path helper uses asset.prefix? [closed]
Do Juniper switches support vtp?
Ansible: How to access hostvars in task?
Google chrome disable url suggestions from history
How to associate MIME type with a handler in OS X?
how to restore windows 7 to a know working state every time it boots
Internet Explorer 9 closes immediately on startup
Referencing multiple fields and items from a single cell - GETPIVOTDATA
How can I make my laptop F-key's work as F-keys?
Program doesn't show up in Other Programs in Open With Menu