YoVDO

Using a Different LSM from the Host in a Container

Offered By: Linux Foundation via YouTube

Tags

Container Security Courses, AppArmor Courses, SELinux Courses, LXD Courses

Course Description

Overview

Explore the challenges and solutions for using different Linux Security Modules (LSMs) in containers than those used by the host system in this 32-minute conference talk. Delve into the complexities of enabling AppArmor LSM within containers on hosts running SELinux or Smack. Learn about the pitfalls encountered and strategies developed while implementing this capability for snappy applications and LXD system containers. Examine topics such as LSM namespacing, multiple LSMs, kernel virtualization, and dynamic LSM stacking. Gain insights into container security, user namespaces, and the current limitations of running inverse configurations.

Syllabus

Intro
Containers
LSM
Namespacing
Multiple LSMs
Interfaces
Display LSM
Multiple LSM
Why
A Primer
Simple Container
Premier Policy
Security FS
Kernel Virtualization
More Issues
Container Security FS
No New Proves
Stacking Internal bounding
Nesting of containers
User namespaces
What we can do
LXD
LXD Demo
Dynamic LSM stacking
No new probes


Taught by

Linux Foundation

Related Courses

AZ-500: Microsoft Azure Security Technologies (LA)
A Cloud Guru
Kubernetes Security
A Cloud Guru
Scenario Based Docker Security
A Cloud Guru
Scenario Based LXD/LXC Security
A Cloud Guru
Secure Container Host Operating System
A Cloud Guru