On Sat, Apr 10, Attila Pinter wrote:
I'm very happy to see work going into this. SELinux would improve a lot on security, especially when it comes to containerization. It is crazy simple to break out of a Podman container if it is secured by AppArmor. Granted, writing the policies is time-consuming and the transition might not be the easiest, but well worth it in the long run, not to mention that we could probably take policies from Fedora as well.
The base of our SELinux policy is the Fedora one. But there are too many differences in the setup of the system, and all of them need adjustments of the policy.