Lukas Vrabec
2018-09-23 11:03:05 UTC
Hi All,
Back in April, I announced that we work on POC how we could
automatically create SELinux security policies for different kind of
containers.
The original concept is described here:
https://github.com/fedora-selinux/container-selinux-customization
Long story short, using pre-defined policy blocks, system administrators
would be able to simply create customized SELinux policies for containers.
The goal is to create a standalone tool which would be able to do it.
And we a have a prototype now. It's called "udica" and you can find it here:
https://github.com/containers/udica
In this repo you can find sources and examples how to create SELinux
policy for your containers.
I also created copr repository for Fedora 29 and Rawhide:
https://copr.fedorainfracloud.org/coprs/lvrabec/udica/
Feedback is welcome. Any issues please report in github issues tracking
system.
Thanks,
Lukas.
Back in April, I announced that we work on POC how we could
automatically create SELinux security policies for different kind of
containers.
The original concept is described here:
https://github.com/fedora-selinux/container-selinux-customization
Long story short, using pre-defined policy blocks, system administrators
would be able to simply create customized SELinux policies for containers.
The goal is to create a standalone tool which would be able to do it.
And we a have a prototype now. It's called "udica" and you can find it here:
https://github.com/containers/udica
In this repo you can find sources and examples how to create SELinux
policy for your containers.
I also created copr repository for Fedora 29 and Rawhide:
https://copr.fedorainfracloud.org/coprs/lvrabec/udica/
Feedback is welcome. Any issues please report in github issues tracking
system.
Thanks,
Lukas.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.