
Support a linux security module

Open justincormack opened this issue 10 years ago • 6 comments

Either grsecurity or apparmor I guess, not selinux.

justincormack avatar Apr 21 '16 14:04 justincormack

👍 👍 👍

Especially running on cloud, this could be a really nice feature, and an additional carrot to using the OS.

nathanleclaire avatar May 09 '16 20:05 nathanleclaire

I have been talking to @ncopa today about grsecurity as he is in Cambridge. There are some issues, eg aufs support is a problem, but it is definitely an attractive option.

justincormack avatar May 09 '16 20:05 justincormack

Given the recent meltdown grsecurity had on Twitter and elsewhere (http://www.theregister.co.uk/2016/04/27/linux_security_bug_report_row/), I am a bit hesitant on grsecurity from a "social" perspective (and the likelihood of it getting actually upstreamed into the kernel seems low based on what I'm gathering, which is really unfortunate). However, it seems to really have a lot to offer from a technical perspective, so it's certainly worth a look, and upstream Alpine clearly favors it.

I'd be curious what @nicolaka @huslage @metcalfc are seeing and hearing from customers in terms of what they want, or what they think they want, in this regard. I rarely heard grsecurity specifically mentioned in my time as an SE, but granted that was a while ago when people were just trying to figure out what the heck Docker even was.

Probably there's a sweet spot of customer security demand vs. the convenience tradeoffs of increased security we should be aiming for? If there's low-hanging fruit, maybe we can tackle that first, then move on to slightly more aggressive functionality.

Also, of course, would be great to get @diogomonica @NathanMcCauley 2c, since they are very good at evaluating these tradeoffs in my experience.

Another thing to consider is whether we might want to implement some kind of auto-updating kernel functionality like CoreOS does someday (Greg Kroah-Hartman argues for this here in discussing some 4.6 features, and grsecurity published a rebuttal -- they're both worth reading IMO). The "channels" idea seems like a perfect fit for this in some ways.

We could also consider having a build that boots with grsecurity enabled and one without, but usually stuff like that hasn't worked out well for me in the past (test matrix hell).

nathanleclaire avatar May 18 '16 21:05 nathanleclaire

@justincormack any news on this? I'm specifically interested in apparmor support.

luan avatar Jul 14 '17 18:07 luan

+1 to apparmor in the kernel.

pkutishch avatar Jun 08 '22 12:06 pkutishch
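The requests above for AppArmor (or grsecurity) in the linuxkit kernel all hinge on the same practical question: is the module actually compiled in and registered at boot? The following is an added example, not code from the thread or from the linuxkit project. It parses a kernel `.config` (or `/proc/config.gz` after decompression) for the standard LSM Kconfig symbols, compares that with the active module list the kernel exposes in `/sys/kernel/security/lsm`, and reports whether a requested LSM is built in and active. The sample config and sysfs strings are constructed for illustration; the function names and the `lsm_report` result layout are this example's own.

```python
"""Check which Linux Security Modules a kernel was built with and which are active."""
import re

# Constructed sample of a kernel .config fragment (illustration only, not a linuxkit config).
SAMPLE_CONFIG = """\
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
# CONFIG_SECURITY_SELINUX is not set
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_SMACK is not set
CONFIG_LSM="yama,apparmor"
# CONFIG_GRKERNSEC is not set
"""

# Constructed sample of /sys/kernel/security/lsm, which lists the active LSMs in order.
SAMPLE_LSM_SYSFS = "capability,yama,apparmor"

# Kconfig symbol that builds each major LSM into the kernel.
LSM_CONFIG_KEYS = {
    "apparmor": "CONFIG_SECURITY_APPARMOR",
    "selinux": "CONFIG_SECURITY_SELINUX",
    "smack": "CONFIG_SECURITY_SMACK",
    "tomoyo": "CONFIG_SECURITY_TOMOYO",
    "yama": "CONFIG_SECURITY_YAMA",
}

# grsecurity is a patch set rather than an LSM; its top-level Kconfig symbol is CONFIG_GRKERNSEC.
GRSEC_CONFIG_KEY = "CONFIG_GRKERNSEC"

_SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Return {symbol: value}; unset symbols map to None, quoted strings are unquoted."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET_RE.match(line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            config[m.group(1)] = value
            continue
        m = _UNSET_RE.match(line)
        if m:
            config[m.group(1)] = None
    return config


def built_in_lsms(config):
    """Names of LSMs whose Kconfig symbol is =y (LSMs cannot be loadable modules)."""
    return sorted(name for name, key in LSM_CONFIG_KEYS.items() if config.get(key) == "y")


def active_lsms(sysfs_text):
    """Parse the comma-separated contents of /sys/kernel/security/lsm."""
    return [name for name in sysfs_text.strip().split(",") if name]


def lsm_report(config_text, sysfs_text, wanted):
    """Summarise whether the LSM `wanted` is compiled in and actually active at runtime.

    A module can be built in yet inactive (for example left out of CONFIG_LSM or the
    lsm= boot parameter), so both checks are reported separately.
    """
    config = parse_kconfig(config_text)
    built = built_in_lsms(config)
    active = active_lsms(sysfs_text)
    return {
        "requested": wanted,
        "built_in": wanted in built,
        "active": wanted in active,
        "built_in_lsms": built,
        "active_lsms": active,
        "grsecurity": config.get(GRSEC_CONFIG_KEY) == "y",
    }


if __name__ == "__main__":
    # On a live system, read /proc/config.gz (gzip) and /sys/kernel/security/lsm instead.
    for name in ("apparmor", "selinux"):
        print(lsm_report(SAMPLE_CONFIG, SAMPLE_LSM_SYSFS, name))
```

The two flags are kept separate on purpose: a kernel that has `CONFIG_SECURITY_APPARMOR=y` but whose `CONFIG_LSM` string or `lsm=` boot parameter omits `apparmor` will enforce nothing, and only the sysfs list shows what was registered at boot.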