SELinux and Smack security modules for Linux containers
Lightweight containers, otherwise known as Virtual Private Servers (VPS) or Jails, are often thought of as a security tools designed to confine untrusted applications or users; but as presently constructed, these containers do not provide adequate security guarantees. By strengthening these containers using SELinux or Smack policy, a much more secure container can be implemented in Linux®. This article shows you how to create a more secure Linux-Security-Modules-protected container. Both the SELinux and Smack policy are considered works in progress, to be improved upon with help from their respective communities.
|
|
A common response when someone first hears about containers is "How do I create a secure container?" This article answers that question by showing you how to use Linux Security Modules (LSM) to improve the security of containers. In particular, it shows you how to specify a security goal and meet it with both the Smack and SELinux security modules. Full Story |
This topic does not have any threads posted yet!
You cannot post until you login.