You're reading from Podman for DevOps Containerization reimagined with Podman and its companion tools

Product type Paperback

Published in Apr 2022

Publisher Packt

ISBN-13 9781803248233

Length 518 pages

Edition 1st Edition

Tools

Podman

Concepts

Containerization

Authors (2):

Gianni Salinetti

Alessandro Arrichiello

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1: From Theory to Practice: Running Containers with Podman

2. Chapter 1: Introduction to Container Technology FREE CHAPTER

3. Chapter 2: Comparing Podman and Docker

4. Chapter 3: Running the First Container

5. Chapter 4: Managing Running Containers

6. Chapter 5: Implementing Storage for the Container's Data

7. Section 2: Building Containers from Scratch with Buildah

8. Chapter 6: Meet Buildah – Building Containers from Scratch

9. Chapter 7: Integrating with Existing Application Build Processes

10. Chapter 8: Choosing the Container Base Image

11. Chapter 9: Pushing Images to a Container Registry

12. Section 3: Managing and Integrating Containers Securely

13. Chapter 10: Troubleshooting and Monitoring Containers

14. Chapter 11: Securing Containers

15. Chapter 12: Implementing Container Networking Concepts

16. Chapter 13: Docker Migration Tips and Tricks

17. Chapter 14: Interacting with systemd and Kubernetes

18. Other Books You May Enjoy

SELinux interaction with containers

In this section, we will discuss SELinux policies and introduce Udica, a tool that's used to generate SELinux profiles for containers.

SELinux works directly in kernel space and manages object isolation while following a least-privilege model that contains a series of policies that can handle enforcing or exceptions. To define these objects, SELinux uses labels that define types. By default, SELinux works in Enforcing mode, denying access to resources with a series of exceptions defined by policies. To disable Enforcing mode, SELinux can be put in Permissive mode, where violations are only audited, without them being blocked.

Security Alert

As we mentioned previously, switching SELinux to Permissive mode or completely disabling it is not a good practice as it opens you up to potential security threats. Instead of doing that, users should create custom policies to manage the necessary exceptions.

By default, SELinux uses a targeted...

The rest of the chapter is locked

You're reading from Podman for DevOps Containerization reimagined with Podman and its companion tools

Table of Contents (19) Chapters

SELinux interaction with containers

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you