At present, SELinux is used with containers only to isolate containers from each other, not to enforce any security goals within a container. Consequently, moving your Apache web server instance from a host to a container costs you the ability to limit that Apache web server to least privilege, and possibly to prevent exploitation altogether. Similarly, the use of MCS (Multi-Category Security) to isolate containers means we can't readily use MCS within containers to isolate or sandbox individual applications within the container. This is too limiting, especially as many migrate from virtualization to containers. We need to investigate ways of supporting namespaced security contexts (so that category c1 within container A is not the same as category c1 within container B, and type T1 in container A is not the same as type T1 in container B) and namespaced policy (so that container admins can only affect policy for their own container).
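The shared category space described above, as an added Python example (not code from the original page or from SELinux itself). It models only the MCS dominance check, not type enforcement; the labels are constructed, and the `container_t`/`container_file_t` types and the single-category sandbox labels are assumptions for illustration.

```python
# Added illustration: models only the MCS category-dominance check.
# Type enforcement and the rest of SELinux policy are out of scope.

def parse_categories(level):
    """Return the category set of one level such as 's0:c1,c5.c7'."""
    _, _, cats = level.partition(":")
    result = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")          # 'c5.c7' is the range c5..c7
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        result.update(range(lo_n, hi_n + 1))
    return result

def parse_context(ctx):
    """Split 'user:role:type:level'. Assumes a single level, no low-high range."""
    user, role, type_, level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_,
            "cats": parse_categories(level)}

def mcs_allows(process_ctx, object_ctx):
    """The process's categories must dominate (be a superset of) the object's."""
    return parse_context(process_ctx)["cats"] >= parse_context(object_ctx)["cats"]

# Constructed labels: the two containers have different category pairs,
# but both pairs are drawn from the one host-wide pool and share c1.
CONTAINER_A = "system_u:system_r:container_t:s0:c1,c2"
CONTAINER_B = "system_u:system_r:container_t:s0:c1,c3"
FILE_A = "system_u:object_r:container_file_t:s0:c1,c2"
# Hypothetical attempt by container A's admin to sandbox one application
# inside A by giving it only category c1.
SANDBOX_PROC_A = "system_u:system_r:container_t:s0:c1"
SANDBOX_FILE_A = "system_u:object_r:container_file_t:s0:c1"

def demo():
    return {
        "B_process_on_A_file": mcs_allows(CONTAINER_B, FILE_A),
        "A_sandbox_on_own_file": mcs_allows(SANDBOX_PROC_A, SANDBOX_FILE_A),
        "A_sandbox_on_A_file": mcs_allows(SANDBOX_PROC_A, FILE_A),
        "B_process_on_A_sandbox_file": mcs_allows(CONTAINER_B, SANDBOX_FILE_A),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
```

The last check is the gap: the c1 that container A's admin uses for an internal sandbox is the same host-wide c1 in container B's label, so container B's processes dominate the sandbox's files.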