There is the long standing open topic, if AppArmor is the right choice
for a container host OS or if there is not something better.
There are really nice ideas to build a security framework on top of
ePBF, but there is nothing really useable and secure today.
So it's time to teach MicroOS SELinux ;) for a PoC and evaluation.
We have a working policy in security:SELinux/selinux-policy, and this
works fine for me on Tumbleweed, but we have quite some challanges to
get this running on MicroOS:
- read-only root filesystem
- subvolumes (labels on mount points)
- transactional-update who has to label the system
And we don't have SELinux experts (but we have open positions!)
So anybody here willing to spent some time and help with this topic?
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org