This repository has been archived by the owner on Dec 23, 2020. It is now read-only.

Add AppArmor profiles to limit exec capabilities in containers #18

Open
ikreymer opened this issue Dec 8, 2015 · 1 comment

@ikreymer
Member

ikreymer commented Dec 8, 2015

Create profiles for different browsers, probably using https://github.com/jfrazelle/bane to restrict execution with browser containers.

This should address some (but not all) of the more serious security issues.

@ikreymer ikreymer changed the title Add apparmour profiles to limit exec capabilities in containers Add AppArmor profiles to limit exec capabilities in containers Dec 8, 2015
ikreymer added a commit that referenced this issue Dec 10, 2015
…just disabling directly w/o apparmor)

also set http_proxy and https_proxy globally
@ikreymer
Member Author

Found a perhaps simpler solution: just disabling execution of *term in all containers, which solves the most serious issue with Linux browsers. Will see if custom AppArmor is still necessary -- Docker already provides a default one.
