Security-Enhanced Linux for container security
Security-Enhanced Linux (SELinux) is a brave attempt to clean up the security holes in Linux containers and is an implementation of a Mandatory Access Control (MAC) mechanism, Multi-Level security (MLS), and Multi-Category security (MCS) in the Linux kernel. A new collaborative initiative referred to as Virtproject, is being built on SELinux, and this is getting integrated with Libvirt to provide an adaptable MAC framework for virtual machines, as well as containers. This new architecture provides a sheltered separation and safety net for containers, as it primarily prevents root processes within the container from interfacing and interfering with other processes running outside this container. ...
Get Learning Docker now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.