DevConf.CZ 2019 has ended

Saturday, January 26 • 4:00pm - 4:50pm
Using SELinux with container runtimes

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This talk will explain how SELinux works with containers. We will show how to enable/disable SElinux using multiple different container runtimes and define the default types. The two default types for running containers are container_t which is a fully confined domain, which eliminates any use of the host files unless they are relabeled. Or spc_t, which is the type containers run with when SELinux is disabled for container separation, --privileged mode. Writing custom policy for each container that needed additional access would be very difficult and require a container policy writer. Lukas built a new standalone tool, udica for generating SELinux policy profiles for containers based on automatic inspecting these containers. Come to see how easy you can create own policy for container!

avatar for Lukas Vrabec

Lukas Vrabec

Software engineer, Red Hat
Lukas Vrabec is a Software engineer at Red Hat and is part of Security Controls team working on SELinux projects focusing especially on security policies. He currently maintains the selinux-policy packages for Fedora and Red Hat Enterprise Linux distributions.
avatar for Daniel Walsh

Daniel Walsh

Senior Distinguished Engineer, Red Hat
Daniel Walsh has worked in the computer security field for over 35 years. Dan is a Senior Distinguished Engineer at Red Hat. He joined Red Hat in August 2001. Dan is the lead architect of the Red Hat Container Runtime Engineering team. Dan has been working on container technology... Read More →

Saturday January 26, 2019 4:00pm - 4:50pm

Attendees (122)