Daniel Walsh has worked in the computer security field for almost 30 years. Dan joined Red Hat in August 2001. Dan leads the RHEL Docker enablement team since August 2013, but has been working on container technology for several years. He has led the SELinux project, concentrating on the application space and policy development. Dan helped developed sVirt, Secure Virtualization. He also created the SELinux Sandbox, the Xguest user and the Secure Kiosk. Previously, Dan worked Netect/Bindview's on Vulnerability Assessment Products and at Digital Equipment Corporation working on the Athena Project, AltaVista Firewall/Tunnel (VPN) Products. Dan has a BA in Mathematics from the College of the Holy Cross and an MS in Computer Science from Worcester Polytechnic Institute.
Authored Comments
Well we can handle some transition rules better the Docker Daemon. But since I added and maintain the SELinux work in Docker/Moby I want to keep them best in class as well.
Well not really. You would run a root/priv process within a container for exactly the same reason that you would run one on the host system. To allow it access to system services that are not available to non-privileged processes. The basic idea of this article is to treat these processes the same. In the next article, I will cover what we are doing to make docker mor secure.