On 05/14/2015 11:21 AM, Steve Grubb wrote:
Then I'd suggest we either scrap this set of patches and forget auditing of containers. (This would have the effect of disallowing them in a lot of environments because violations of security policy can't be detected.)
Again +1.
I personally have envisioned a use-case in which I feel containers would be architecturally ideal, however in my situation, and I'm fairly sure anyone for whom the security requirements matter (i.e. WHY we use SElinux in the first place), this is mandatory.
Without context-aware definitive audit records which discretely identify people/actions/objects, the use of any otherwise attractive technology is untenable.
LCB -- LC (Lenny) Bruzenak le...@magitekltd.com
smime.p7s
Description: S/MIME Cryptographic Signature
-- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
