Loading…
DevConf.CZ 2019 has ended

Saturday, January 26 • 4:00pm - 4:50pm
Using SELinux with container runtimes

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This talk will explain how SELinux works with containers. We will show how to enable/disable SElinux using multiple different container runtimes and define the default types. The two default types for running containers are container_t which is a fully confined domain, which eliminates any use of the host files unless they are relabeled. Or spc_t, which is the type containers run with when SELinux is disabled for container separation, --privileged mode. Writing custom policy for each container that needed additional access would be very difficult and require a container policy writer. Lukas built a new standalone tool, udica for generating SELinux policy profiles for containers based on automatic inspecting these containers. Come to see how easy you can create own policy for container!

Speakers
avatar for Lukas Vrabec

Lukas Vrabec

Software engineer, Red Hat
Lukas Vrabec is a Software engineer at Red Hat and is part of Security Controls team working on SELinux projects focusing especially on security policies. He currently maintains the selinux-policy packages for Fedora and Red Hat Enterprise Linux distributions.
avatar for Dan Walsh

Dan Walsh

Senior Distinguished Engineer, Red Hat
Daniel Walsh has worked in the computer security field for over 30 years. Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001. Dan leads the Red Hat Container Engineering team since August 2013, but has been working on container tec



Saturday January 26, 2019 4:00pm - 4:50pm
E105

Attendees (122)