DevConf.CZ 2019: Using SELinux with container runtimes

Back To Schedule

Using SELinux with container runtimes

Feedback form is now closed.

This talk will explain how SELinux works with containers. We will show how to enable/disable SElinux using multiple different container runtimes and define the default types. The two default types for running containers are container_t which is a fully confined domain, which eliminates any use of the host files unless they are relabeled. Or spc_t, which is the type containers run with when SELinux is disabled for container separation, --privileged mode. Writing custom policy for each container that needed additional access would be very difficult and require a container policy writer. Lukas built a new standalone tool, udica for generating SELinux policy profiles for containers based on automatic inspecting these containers. Come to see how easy you can create own policy for container!

Speakers

Lukas Vrabec

Senior Software engineer & SELinux technology evangelist, Red Hat

Lukas Vrabec is a Senior Software engineer & SELinux technology evangelist at Red Hat. He is part of Security Controls team working on SELinux projects focusing especially on security policies. Lukas is author of udica, the tool for generating custom SELinux profiles for containers... Read More →

Daniel Walsh

Senior Distinguished Engineer, Red Hat

Daniel Walsh has worked in the computer security field for over 30 years. Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001. Dan leads the Red Hat Container Engineering team since August 2013, but has been working on container tec

Using SELinux with container runtimes pdf

Saturday January 26, 2019 4:00pm - 4:50pm
E105

Security / IdM, Intermediate - attendees should be familiar with the subject

DevConf.CZ 2019

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Lukas Vrabec

Daniel Walsh

Attendees (121)