On 05/14/2015 11:21 AM, Steve Grubb wrote:
> Then I'd suggest we either scrap this set of patches and forget auditing of
> containers. (This would have the effect of disallowing them in a lot of
> environments because violations of security policy can't be detected.)

Again +1.

I personally have envisioned a use-case in which I feel containers would be architecturally ideal; however, in my situation, and I'm fairly sure anyone for whom the security requirements matter (i.e. WHY we use SELinux in the first place), this is mandatory. Without context-aware definitive audit records which discretely identify people/actions/objects, the use of any otherwise attractive technology is untenable.

LCB

--
LC (Lenny) Bruzenak
lenny@magitekltd.com