DevConf.CZ 2020

This talk will explain how SELinux works with containers. One issue with these types is that they are tough to customize. There are only two options, the first one is to use a generic SELinux policy for the container which is quite strict, or the second option is to use spc policy where the container is basically unconfined. As an example, If you had a container that you wanted to be able to gather the logs from /var/log on the host and send them to a centralized server, you have to disable SELinux separation.
We will focus on why udica is needed in the container world and how it can make SELinux and containers work better together.
We’ll also talk about how OpenShift can leverage Udica through the usage of an operator, and how this operator can help you write policies for your OpenShift workloads with minimal effort.