V-51739: LSM device labeling exception

Implements: blueprint security-hardening

Change-Id: Iad9f2e4e98815794e3ec84cb5f4b7194512d666f
This commit is contained in:
Major Hayden 2015-10-13 09:01:52 -05:00
parent 241f6cd074
commit 0d894f572a

View File

@ -0,0 +1,7 @@
**Exception**
Although SELinux works through a labeling system where every file (including
devices) receive a label, AppArmor works purely through policies without
labels. However, openstack-ansible does configure several AppArmor policies
to reduce the chances and impact of LXC container breakouts on OpenStack
hosts.