Linux Foundation

Using a Different LSM from the Host in a Container

Linux Foundation via YouTube

Overview

Explore the challenges and solutions for using different Linux Security Modules (LSMs) in containers than those used by the host system in this 32-minute conference talk. Delve into the complexities of enabling AppArmor LSM within containers on hosts running SELinux or Smack. Learn about the pitfalls encountered and strategies developed while implementing this capability for snappy applications and LXD system containers. Examine topics such as LSM namespacing, multiple LSMs, kernel virtualization, and dynamic LSM stacking. Gain insights into container security, user namespaces, and the current limitations of running inverse configurations.

Syllabus

Intro
Containers
LSM
Namespacing
Multiple LSMs
Interfaces
Display LSM
Multiple LSM
Why
A Primer
Simple Container
Premier Policy
Security FS
Kernel Virtualization
More Issues
Container Security FS
No New Proves
Stacking Internal bounding
Nesting of containers
User namespaces
What we can do
LXD
LXD Demo
Dynamic LSM stacking
No new probes

Taught by

Linux Foundation
