On Fri, Jul 10, 2020 at 5:42 AM Thorsten Kukuk
Hi,
There is the long-standing open topic, if AppArmor is the right choice for a container host OS or if there is not something better.
There are really nice ideas to build a security framework on top of eBPF, but there is nothing really useable and secure today.
So it's time to teach MicroOS SELinux ;) for a PoC and evaluation.
We have a working policy in security:SELinux/selinux-policy, and this works fine for me on Tumbleweed, but we have quite some challenges to get this running on MicroOS:
- read-only root filesystem
- subvolumes (labels on mount points)
- transactional-update who has to label the system
And we don't have SELinux experts (but we have open positions!)
So anybody here willing to spend some time and help with this topic?
So I'm definitely interested in helping with bringing SELinux to openSUSE as a whole. Actually, it's been in my plans for about a year or so now, especially after you expressed interest at SUSECON last year.
I'm planning on starting the SELinux policy bringup after the /usr/libexec change lands, because then I can reuse the Fedora policy (which I know works and is a solid base to start from) with a *lot* less patching.
Of course, help will definitely be appreciated, but that's where things stand with me right now.
--
真実はいつも一つ!/ Always, there's only one truth!