There is a lot we can do with SELinux to help make our system more secure. The following are a few more tips:
- If SELinux is in the enforcing mode and the Docker daemon is configured to use SELinux, then we will not be able to shut down the host from the container, like we did earlier in this chapter:
- As we know, by default, all the containers will run with the svirt_lxc_net_t label, but we can also adjust SELinux labels for custom requirements. Try visiting the Adjusting SELinux labels section of http://opensource.com/business/15/3/docker-security-tuning.
- Setting up MLS with Docker containers is also possible. Try visiting the Multi Level Security mode section of http://opensource.com/business/15/3/docker-security-tuning.