openstack/openstack-ansible-security
Code Issues Proposed changes
fe39a30c98
openstack-ansible-security/doc/metadata/rhel6/V-51369.rst
Andy McCrae fe39a30c98 Revert "Retire openstack-ansible-security" 
This reverts commit ea9b39d723.
In order to release stable/pike we need this to still be present.
https://review.openstack.org/#/c/502063/ is failing.

Once we release stable/pike we can figure out how to properly remove
this repository.

Change-Id: I50308b1c3001371d4554b6c2640bd5384e870a53
2017-09-13 10:34:55 -06:00

496 B
Raw Blame History

---id: V-51369 status: implemented tag: misc ---

For Ubuntu, the standard AppArmor policies provided by the AppArmor package are loaded. The OpenStack-Ansible project also configures AppArmor to limit the actions of containers and reduce the changes (and potential damages) of a container breakout.

On CentOS 7, the selinux-policy-targeted package provides SELinux policies that enforce limits on system services and users. SELinux is configured to use the targeted policy by default.