Naked Container: A container run without the default AppArmor, default Seccomp, or SELinux. Naked Containers make me sad.
aren't AppArmor/SELinux rather distro-specific in practice? Ubuntu has AppArmor, Fedora has SELinux?
and apart from resource limits, is there anything you wouldn't be able to secure without seccomp/LSMs?
Writing to specific areas of proc and sys, blocking cloning new userns inside the container, blocking ptrace
Ya I like seccomp plus 1 other depending on distro