On 05/14/2015 11:21 AM, Steve Grubb wrote:
> Then I'd suggest we either scrap this set of patches and forget
> auditing of containers. (This would have the effect of disallowing
> them in a lot of environments because violations of security policy
> can't be detected.)
Again +1.
I personally have envisioned a use-case in which I feel containers would
be architecturally ideal; however, in my situation, and I'm fairly sure
for anyone for whom the security requirements matter (i.e., WHY we use
SELinux in the first place), this is mandatory.
Without context-aware definitive audit records which discretely identify
people/actions/objects, the use of any otherwise attractive technology
is untenable.
LCB
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com