Must know — Container Security Constructs: Namespace, SecComp, Control Groups, SELinux
DEV Community dev.to
SELinux
SELinux (Security-Enhanced Linux) is a mandatory access control system for processes. The Linux kernel uses SELinux to protect processes from each other and to protect the host system from its running processes. Processes run as a confined SELinux type that has limited access to host system resources.
Whether SELinux comes into action depends on its configured mode. Check or configure the file /etc/selinux/config for the possible SELINUX values:
- SELINUX=disabled
- SELINUX=enforcing
- SELINUX=permissive
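One way to check that setting on a container host, as an added example that is not code from the original article: the function names are hypothetical, and the parsing rules (first uncommented SELINUX= line, exact spelling of the three values) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the SELINUX= value in an SELinux config file.

# Print the configured value from file $1, or "missing"/"unset"/"invalid".
# Assumptions of this example: the first uncommented SELINUX= line counts,
# and only the three values listed on the page, spelled exactly, are valid.
selinux_config_mode() {
    [ -r "$1" ] || { echo "missing"; return 0; }
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1)
    case "$mode" in
        enforcing|permissive|disabled) echo "$mode" ;;
        "") echo "unset" ;;
        *)  echo "invalid" ;;
    esac
}

# Return 0 only when the file configures enforcing mode.
selinux_audit() {
    case "$(selinux_config_mode "$1")" in
        enforcing)  echo "OK: SELINUX=enforcing"; return 0 ;;
        permissive) echo "WARN: SELINUX=permissive (violations logged, not blocked)"; return 1 ;;
        disabled)   echo "FAIL: SELINUX=disabled"; return 1 ;;
        *)          echo "FAIL: no valid SELINUX= value in $1"; return 1 ;;
    esac
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=targeted
EOF
selinux_audit "$sample" || true
rm -f "$sample"
```

On a real host, pass /etc/selinux/config as the argument; the non-zero exit status for anything other than enforcing makes the check usable in a provisioning or CI gate.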
Seccomp
Seccomp stands for secure computing mode.
The seccomp() system call operates on …