From 82adf6af7c72b852449346835f33184a841b4796 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 10 Feb 2014 12:32:03 +0100 Subject: nspawn,man: use a common vocabulary when referring to selinux security contexts Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly. --- man/systemd-nspawn.xml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'man/systemd-nspawn.xml') diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index c95a7c0e9a..96ccc5cef7 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -249,23 +249,23 @@ - - + + - Sets the mandatory - access control (MAC/SELinux) file - label to be used by virtual API file - systems in the container. + Sets the SELinux + security context to be used to label + processes in the container. - - + + - Sets the mandatory - access control (MAC/SELinux) label to be used by - processes in the container. + Sets the SELinux security + context to be used to label files in + the virtual API file systems in the + container. @@ -495,7 +495,7 @@ # chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container # systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh - This runs a container with SELinux sandbox labels. + This runs a container with SELinux sandbox security contexts. -- cgit v1.2.1