Advisories

Discover Server Security News

SELinux changes for KVM-separated (Kata) containers

SELinux changes for KVM-separated (Kata) containers

Learn about SELinux types that improve container security in engines such as Podman and CRI-O.

 

It has been a while since I have written about SELinux, but I continue to work with it in containers.

Many years ago, I wrote the first SELinux policy for containers, before Docker existed. I was working on libvirt-lxc at the time, and containers launched out of libvirt. Later, when the Docker project hit the scene, I adapted the container policy to the Docker engine. The container-selinux policy and package were born. Most everyone that uses containers and SELinux is using this policy.

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]