0d894f572a
Implements: blueprint security-hardening Change-Id: Iad9f2e4e98815794e3ec84cb5f4b7194512d666f
321 B
321 B
Exception
Although SELinux works through a labeling system where every file (including devices) receive a label, AppArmor works purely through policies without labels. However, openstack-ansible does configure several AppArmor policies to reduce the chances and impact of LXC container breakouts on OpenStack hosts.