DevConf.CZ 2019 has ended
Back To Schedule
Saturday, January 26 • 4:00pm - 4:50pm
Using SELinux with container runtimes

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This talk will explain how SELinux works with containers. We will show how to enable/disable SElinux using multiple different container runtimes and define the default types. The two default types for running containers are container_t which is a fully confined domain, which eliminates any use of the host files unless they are relabeled. Or spc_t, which is the type containers run with when SELinux is disabled for container separation, --privileged mode. Writing custom policy for each container that needed additional access would be very difficult and require a container policy writer. Lukas built a new standalone tool, udica for generating SELinux policy profiles for containers based on automatic inspecting these containers. Come to see how easy you can create own policy for container!

avatar for Lukas Vrabec

Lukas Vrabec

Principal Software engineer & SELinux technology evangelist, Red Hat
Lukas Vrabec is a product owner & SELinux technology evangelist at Red Hat. He is leading SELinux and Security Special Projects engineering teams. Lukas is a long-term Fedora contributor and Red Hat Enterprise Linux developer. He is the author of udica, the tool for generating custom... Read More →
avatar for Dan Walsh

Dan Walsh

Senior Distinguished Engineer, Red Hat, Inc.
Daniel Walsh has worked in the computer security field for over 30 years.Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001.Dan leads the Red Hat Container Engineering team since August 2013, but hasbeen working on container tec

Saturday January 26, 2019 4:00pm - 4:50pm CET