On Wed, Nov 20, 2013 at 04:02:18PM -0500, boden wrote:
> I'm attempting to build/use libvirt-sandbox on Ubuntu 12.xx.
> Although I'm still working through dependency issues (including the
> need for libvirt >= 1.0.2, which is not packaged for Ubuntu 12.xx) to
> build the sandbox code, I have a forward-looking question.
> It appears libvirt-bin for Ubuntu likes AppArmor, as do most
> Ubuntu-based packages using an LSM impl. However, as I understand it,
> libvirt-sandbox is integrated with SELinux to provide security
> isolation of containers...
> My question becomes -- *should* libvirt-sandbox work on Ubuntu
> assuming I use the Ubuntu libvirt-bin package and replace AppArmor
> with SELinux? Or am I flat out walking into quicksand on Ubuntu
> here?
> Without the security aspect of libvirt-sandbox, I wonder if it's
> viable on Ubuntu for those looking to mitigate container security?
We attempted to design the APIs and command line tool syntax such
that it can be ported to AppArmor. We've made no attempt to actually
do such a port though. It might be that in 'dynamic' mode, the AppArmor
stuff actually 'just works', but I'm really not sure.
Daniel
--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
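A check a practitioner would want before relying on libvirt-sandbox's isolation on Ubuntu, added here as an example that is not from the thread or from libvirt-sandbox itself: it reads the `<secmodel>` element that `virsh capabilities` reports and the kernel's active LSM list from `/sys/kernel/security/lsm`, then maps the pair onto the answer above (SELinux is the designed-for case, AppArmor is untested). The verdict names, the helper functions and the DAC/none filtering are my own conventions.

```shell
#!/bin/sh
# Added example (not from the thread): tell whether the SELinux confinement
# libvirt-sandbox was designed around is actually in effect on this host.

# Read `virsh capabilities` XML on stdin; print the MAC model of the first
# <secmodel> that is not plain DAC ("selinux", "apparmor"), else "none".
libvirt_secmodel() {
    awk 'BEGIN { RS = "<"; insec = 0; found = 0 }
         $0 ~ /^secmodel>/   { insec = 1 }
         $0 ~ /^\/secmodel>/ { insec = 0 }
         insec && $0 ~ /^model>/ {
             sub(/^model>/, ""); sub(/[ \t\r\n]+$/, "")
             if ($0 != "dac" && $0 != "none") { print; found = 1; exit }
         }
         END { if (!found) print "none" }'
}

# LSMs the running kernel has active, comma-separated (securityfs), or
# "unknown" when /sys/kernel/security/lsm is not readable.
kernel_lsms() {
    if [ -r /sys/kernel/security/lsm ]; then
        cat /sys/kernel/security/lsm
    else
        echo unknown
    fi
}

# Verdict, following Daniel's reply: supported (SELinux, the target),
# untested (AppArmor: no port exists, so check 'dynamic' mode yourself),
# mismatch (libvirt names a MAC model the kernel has not enabled),
# unconfined (DAC only: sandboxes get no MAC isolation).
sandbox_confinement() {
    model="$1"; lsms="$2"
    case "$model" in
        selinux|apparmor)
            # an unreadable securityfs ("unknown") skips the cross-check
            case ",$lsms," in
                *",$model,"*|",unknown,") ;;
                *) echo mismatch; return 0 ;;
            esac ;;
    esac
    case "$model" in
        selinux)  echo supported ;;
        apparmor) echo untested ;;
        *)        echo unconfined ;;
    esac
}

# Live use: sandbox_confinement "$(virsh capabilities | libvirt_secmodel)" "$(kernel_lsms)"
```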