Using SELinux with container runtimes

Presentation name: Using SELinux with container runtimes Speakers: Lukas Vrabec, Daniel Walsh Description: This talk will explain how SELinux works with containers. We will show how to enable/disable SElinux using multiple different container runtimes and define the default types. The two default types for running containers are container_t which is a fully confined domain, which eliminates any use of the host files unless they are relabeled. Or spc_t, which is the type containers run with when SELinux is disabled for container separation, --privileged mode. Writing custom policy for each container that needed additional access would be very difficult and require a container policy writer. Lukas built a new standalone tool, udica for generating SELinux policy profiles for containers based on automatic inspecting these containers. Come to see how easy you can create own policy for container! [ https://sched.co/Jcf8 ]

Join Today
Multi - Networking Kubernetes Containers with CNI
▶︎

Multi - Networking Kubernetes Containers with CNI

SELinux: Die Hintergründe verstehen - Mario Rosic - Grazer Linuxtage 2016
▶︎

SELinux: Die Hintergründe verstehen - Mario Rosic - Grazer Linuxtage 2016

SELinux All the Way Down: Namespaces for SELinux - Stephen Smalley, National Security Agency
▶︎

SELinux All the Way Down: Namespaces for SELinux - Stephen Smalley, National Security Agency

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan
▶︎

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker
▶︎

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker

Inside Anthropic, the $965 Billion AI Juggernaut | The Circuit
▶︎

Inside Anthropic, the $965 Billion AI Juggernaut | The Circuit

Designing Data-Intensive Applications: Chapters 1 and 2
▶︎

Designing Data-Intensive Applications: Chapters 1 and 2

The Level Up Hour (E63) | SELinux: Containers and custom policy extensions
▶︎

The Level Up Hour (E63) | SELinux: Containers and custom policy extensions

What to teach when AI writes the code | Rainer Stropek | TEDxLinz
▶︎

What to teach when AI writes the code | Rainer Stropek | TEDxLinz

The World's Most Important Machine
▶︎

The World's Most Important Machine

Co-Creator of Haskell: Functional Programming, Thinking in Types, Useless Languages | Simon Jones
▶︎

Co-Creator of Haskell: Functional Programming, Thinking in Types, Useless Languages | Simon Jones

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

I Stole a Car Using a Baby Monitor
▶︎

I Stole a Car Using a Baby Monitor

40Hz Binaural Gamma Waves - Ultra Deep Concentration
▶︎

40Hz Binaural Gamma Waves - Ultra Deep Concentration

Abstract Black and White wave pattern| Height Map Footage| 3 hours Topographic 4k Background
▶︎

Abstract Black and White wave pattern| Height Map Footage| 3 hours Topographic 4k Background

Podman Tutorial Zero to Hero | Full 1 Hour Course
▶︎

Podman Tutorial Zero to Hero | Full 1 Hour Course

Get Started with Security Context Constraints on Red Hat OpenShift
▶︎

Get Started with Security Context Constraints on Red Hat OpenShift

Overview of SELinux and AppArmor
▶︎

Overview of SELinux and AppArmor

Building the PERFECT Linux PC with Linus Torvalds
▶︎

Building the PERFECT Linux PC with Linus Torvalds