smack-team / smack

Smack userspace
GNU Lesser General Public License v2.1
41 stars 33 forks source link

Does Smack support containers? #141

Open nakatani2023 opened 5 months ago

nakatani2023 commented 5 months ago

Hello,

In the environment where I run applications using containers such as Docker, I am considering implementing Mandatory Access Control (MAC). I have seen articles stating that SELinux and AppArmor can apply policies by configuring Docker in conjunction with Docker, but does Smack have a similar function? There is little information about Smack on the internet, could you please enlighten me?

Thank you in advance.

cschaufler commented 5 months ago

On 5/19/2024 10:04 PM, nakatani2023 wrote:

Hello,

In the environment where I run applications using containers such as Docker, I am considering implementing Mandatory Access Control (MAC). I have seen articles stating that SELinux and AppArmor can apply policies by configuring Docker in conjunction with Docker, but does Smack have a similar function?

Have a look at:

https://mihail-milev.medium.com/using-smack-to-secure-k8s-containers-and-nodes-a-proof-of-concept-6f6cf8550c1f

There is little information about Smack on the internet, could you please enlighten me?

Thank you in advance.

— Reply to this email directly, view it on GitHub https://github.com/smack-team/smack/issues/141, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJ5L7CI3BXZMDYMGJDV7QDZDF74FAVCNFSM6AAAAABH7BCE6OVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMYDKMBZGE2DMNY. You are receiving this because you are subscribed to this thread.Message ID: @.***>

nakatani2023 commented 5 months ago

Hello,

Thank you for your reply. There is an example of using two containers for control, but can you distinguish between the two containers and the process on the host without setting up Docker like SELinux?