Discover Server Security News
SELinux changes for KVM-separated (Kata) containers
Learn about SELinux types that improve container security in engines such as Podman and CRI-O.
It has been a while since I have written about SELinux, but I continue to work with it in containers.
Many years ago, I wrote the first SELinux policy for containers, before Docker existed. I was working on
libvirt-lxc at the time, and containers launched out of
libvirt. Later, when the Docker project hit the scene, I adapted the container policy to the Docker engine. The
container-selinux policy and package were born. Most everyone that uses containers and SELinux is using this policy.