Hi all,

Back in April, I announced that we work on POC how we could
automatically create SELinux security policies for different kind of
containers.

The original concept is described here:
https://github.com/fedora-selinux/container-selinux-customization

Long story short, using pre-defined policy blocks, system administrators
would be able to simply create customized SELinux policies for containers.

The goal is to create a standalone tool which would be able to do it.
It's called "udica" and you can find it here:

https://github.com/containers/udica

In this repo you can find sources and examples how to create SELinux
policy for your containers.

Udica is also available in Fedora repositories for Fedora Rawhide,
Fedora 29 and Fedora 28.

Feedback is welcome.

-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.