How to run SE-Android container on Chrome OS

[Jihyun Yoon]

Hello 

I'm a newbie for chrome OS.

I've developed SE-Android on linux container.

As you know, container is a technology based on namespace and cgroup.

Unfortunately, SELinux is one of Linux Security Module, which is not aware of namespace. 

Then when Android works on linux container, SELinux does not work.

I've found SELinux-namespacing patches for it , which is managed by Stephen Smalley.

But that's on progress and unstable yet.

In the comment of patch, he said that Chrome OS would have the solution ,which uses SELinux only for LXC, not on host.

I've found that there was a patch to restrict SELinux enforcing to a PID namespace and it was reverted.

Now I heard ChromeOS could support running SE Android in a container IIUC.

Could I get the detail information for it?

Best Regards

Jihyun Yoon

[Mike Frysinger]

[ +xiaochu ]

maybe Xiaochu might be familiar with the references.  iiuc, we aren't doing sep selinux policies in the ARC++ container and the rest of CrOS and we aren't really planning on doing so.

for containers inside of a VM, the selinux policy outside of the VM doesn't matter.  we aren't shipping lxc in CrOS itself currently and don't have plans to.

-mike

--
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-dev?hl=en