[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] We are working on Roles Based Access Control for docker.

On Mon, 2015-03-30 at 13:15 -0400, Daniel J Walsh wrote:
> I have thrown  up some of my original ideas on RBAC separation on
> github,  Described in the readme.md
> https://github.com/rhatdan/docker-rbac
> Please review and tell me if you have other ideas.  I guess we can carry
> the conversation via issues, this email or pull requests.


I've laid some groundwork to which I call 'TrusteDocker' in this branch:


It's supposed to work in the following way:
- docker daemon is started with the --trusted flag, this labels the
process as SELinux type 'docker_daemon_t', daemon also labels the
created Unix socket as 'docker_socket_t'. Define a policy that allows
only docker_daemon_t to talk to docker_socket_t. This ensures that the
daemon communicates only with compatible binary; other methods of
communication with the daemon have to be disabled (TCP).

- each request that is sent from Docker Cli to the daemon is decorated
with 2 additional HTTP headers, UID/EUID of the user.

- Containers can be labeled on per-process basis, but I'm not sure how
to label image files so that users can have private images
(with the v2 image spec this is easy as we can simply label the
manifest, which is what defines the image)

- I'm not sure whether to define a specific label for each user, or just
use the UID aka MCS.

Pavel Odvody <podvody redhat com>
Software Engineer - EMEA ENG Developer Experience
5EC1 95C1 8E08 5BD9 9BBF 9241 3AFA 3A66 024F F68D
Red Hat Czech s.r.o., Purky┼łova 99/71, 612 45, Brno

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]