SELinux changes for KVM-separated (Kata) containers
Learn about SELinux types that improve container security in engines such as Podman and CRI-O.
It has been a while since I have written about SELinux, but I continue to work with it in containers.
Many years ago, I wrote the first SELinux policy for containers, before Docker existed. I was working on libvirt-lxc at the time, and containers launched out of libvirt. Later, when the Docker project hit the scene, I adapted the container policy to the Docker engine. The container-selinux policy and package were born. Most everyone that uses containers and SELinux is using this policy.