-
-
Wanted to try a debian using their https://cloud.debian.org/images/cloud/, but the ubuntu script download vmlinuz/initrd from unpacked cloud image, how to get them in order to create (and PR) a script…
-
There is a --security-opt flag in docker run, Will there be support for a similar option in docker service create?
-
dnsmasq is guarded by enforcing apparmor on some systems. Add a warning about it or add ` /var/lib/hostsblock/hosts.block r,
` in the apparmor profile of dnsmasq
-
**Is your feature request related to a problem? Please describe.**
The upstream packages (.deb specifically) lack an AppArmor profile, also the one that comes with the package from debian repositorie…
-
Identified as a **medium** severity finding in the December 2020 Workstation audit report (`TOB-SDW-026`), the auditors recommend hardening the applications to leverage Linux native isolation and sand…
-
```
version: '3'
services:
nfs-server:
image: erichough/nfs-server
ports:
- 127.0.11.20:2049:2049
- 127.0.11.20:111:111
- 127.0.11.20:32767:32767
- 127.0.1…
-
# Issue description
Starting dovecot fails inside a container, because systemd fails to setup mount namespacing.
Note: Near the end of my debugging, I fixed this by enabling the generated apparm…
-
Let's make use of systemd sandboxing mechanisms to harden all services by default, whitelisting any services where necessary.
* Big time advantage: not bothering to sandbox single services one by o…
-
# Required information
* Distribution: arch linux
* Distribution version: rolling
```shell
❯ lxc-start --version
5.0.3
❯ uname -a
Linux argon 6.5.6-arch2-1 #1 SMP PREEMPT_DYNAMIC Sat, 07 …