On Tue, Feb 23, Matěj Cepl wrote:
Dne 23. 02. 21 v 22:41 Thorsten Kukuk napsal(a):
[…] we also provide and use SELinux meanwhile.
Well, this seems like the optimistic declaration of the year, considering the state of our SELinux support.
We have everything which is required to install and enable it, we have meanwhile QA for it, and for MicroOS it's now even the default and works fine as Container Host. For everything else, as already written some time ago: we need volunteers who test their typical workload, report bugs and even better, help to debug and adjust the policy. There will not be magically an armee of people fixing everything for you. At least on MicroOS, the state of SELinux is much better than the one of AppArmor, where we even don't have profiles for most services. The last time I checked, we had one service without SELinux profile on MicroOS, while with AppArmor, only one service was protected... Thorsten
Best,
Matěj
-- https://matej.ceplovi.cz/blog/, Jabber: mcepl@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8
Give a man a regular expression and he’ll match a string… teach him to make his own regular expressions and you’ve got a man with problems. -- yakugo in http://regex.info/blog/2006-09-15/247#comment-3022
pub rsa4096 2016-04-27 [SC] 3C76A027CA45AD7098B5BC1D79205802880BC9D8 uid Matěj Cepl <mcepl@cepl.eu> uid Matěj Cepl <ceplm@seznam.cz> uid Matěj Cepl <mcepl@redhat.com> uid Matěj Cepl <matej.cepl@gmail.com> uid Matěj Cepl <matej@ceplovi.cz> sub rsa4096 2016-04-27 [E]
-- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)