Loading…
DevConf.CZ 2020 has ended
Back To Schedule
Sunday, January 26 • 11:00am - 11:55am
Custom SELinux container policies in OpenShift

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This talk will explain how SELinux works with containers. One issue with these types is that they are tough to customize. There are only two options, the first one is to use a generic SELinux policy for the container which is quite strict, or the second option is to use spc policy where the container is basically unconfined. As an example, If you had a container that you wanted to be able to gather the logs from /var/log on the host and send them to a centralized server, you have to disable SELinux separation.
We will focus on why udica is needed in the container world and how it can make SELinux and containers work better together.
We’ll also talk about how OpenShift can leverage Udica through the usage of an operator, and how this operator can help you write policies for your OpenShift workloads with minimal effort.

Speakers
avatar for Lukas Vrabec

Lukas Vrabec

Senior Software engineer & SELinux technology evangelist, Red Hat
Lukas Vrabec is a Senior Software engineer & SELinux technology evangelist at Red Hat. He is part of Security Controls team working on SELinux projects focusing especially on security policies. Lukas is author of udica, the tool for generating custom SELinux profiles for containers... Read More →
avatar for Juan Antonio Osorio Robles

Juan Antonio Osorio Robles

Principal Software Engineer, Red Hat
Juan Antonio "Ozz" Osorio Robles is a Mexican living in Finland, open source advocate, metalhead, and craft beer enthusiast. He's also sofware engineer working for Red Hat on cloud security (OpenShift/Kubernetes, Red Hat CoreOS and OpenStack).



Sunday January 26, 2020 11:00am - 11:55am CET
E105 Faculty of Information Technology Brno University of Technology, Božetěchova, Brno-Královo Pole, Czechia