10 Apr
2021
10 Apr
'21
19:55
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, April 10th, 2021 at 12:07, Attila Pinter adathor@opensuse.org wrote:
I'm very happy to see work going into this. SELinux would improve a lot on security especially when it comes to containerization. It is crazy simple to break out of a Podman container if it is secured by AppArmor.
Granted, writing the policies is time consuming and the transition might not be the easiest, but well worth it on the long run not to mention that we could probably take policies from Fedora as well.
A.
Since one of my projects is to build a container system like Docker it would be great to be able to really lock things down. I have a few ideas in my mind about what would make it different from Docker (note: I'm not saying it'll be better). But one of my primary goals was to target OpenSUSE as the standard platform.
Simon.