diff --git a/doc/source/developer-notes/V-51379.rst b/doc/source/developer-notes/V-51379.rst new file mode 100644 index 00000000..393e1b4f --- /dev/null +++ b/doc/source/developer-notes/V-51379.rst @@ -0,0 +1,7 @@ +**Exception** + +Although SELinux works through a labeling system where every file (including +devices) receive a label, AppArmor works purely through policies without +labels. However, openstack-ansible does configure several AppArmor policies +to reduce the chances and impact of LXC container breakouts on OpenStack +hosts.