For Ubuntu, the standard AppArmor policies provided by the AppArmor package are
loaded. The OpenStack-Ansible project also configures AppArmor to limit the
actions of containers and reduce the changes (and potential damages) of a
container breakout.

On CentOS 7, the ``selinux-policy-targeted`` package provides SELinux policies
that enforce limits on system services and users.