Hi All,
Back in April, I announced that we were working on a POC of how we could automatically create SELinux security policies for different kinds of containers.
The original concept is described here: https://github.com/fedora-selinux/container-selinux-customization
Long story short, using pre-defined policy blocks, system administrators would be able to simply create customized SELinux policies for containers.
The goal is to create a standalone tool which would be able to do it. And we have a prototype now. It's called "udica" and you can find it here:
https://github.com/containers/udica
In this repo you can find sources and examples of how to create SELinux policy for your containers.
I also created a copr repository for Fedora 29 and Rawhide:
https://copr.fedorainfracloud.org/coprs/lvrabec/udica/
Feedback is welcome. Please report any issues in the GitHub issue tracking system.
Thanks, Lukas.
selinux@lists.fedoraproject.org