undefined | Better HN

0 pointsnl11y ago0 comments

The SELinux talks looks interesting. I spent a while trying to get SELinux and Docker working together[1]. I'll need to watch that.

[1] https://groups.google.com/forum/#!searchin/docker-user/SELin...

0 comments

walterbell11y ago

Does anyone use AppArmor in production? It isn't very visible.

Future hardware isolation: http://css.csail.mit.edu/6.858/2013/readings/intel-sgx.pdf

nlOP11y ago

You may find MBox interesting:

Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.

http://pdos.csail.mit.edu/mbox/

I had trouble running it in Ubuntu because of AppArmor..

walterbell11y ago

Thanks. Looks like one of those voluntary rootkits that installs defensive code in a role that malware has been known to occupy. It's a good sign for AppArmor that it prevented it from running :)

1 more reply

j / k navigate · click thread line to collapse

0 pointsnl11y ago0 comments

The SELinux talks looks interesting. I spent a while trying to get SELinux and Docker working together[1]. I'll need to watch that.

[1] https://groups.google.com/forum/#!searchin/docker-user/SELin...

0 comments

walterbell11y ago

Does anyone use AppArmor in production? It isn't very visible.

Future hardware isolation: http://css.csail.mit.edu/6.858/2013/readings/intel-sgx.pdf

nlOP11y ago

You may find MBox interesting:

Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.

http://pdos.csail.mit.edu/mbox/

I had trouble running it in Ubuntu because of AppArmor..

walterbell11y ago

Thanks. Looks like one of those voluntary rootkits that installs defensive code in a role that malware has been known to occupy. It's a good sign for AppArmor that it prevented it from running :)

1 more reply

j / k navigate · click thread line to collapse