Does it make sense to use SELinux inside a chroot jail? I am thinking that since in the chroot jail there should only be the bare minimum, not much else could be compromised. Is there still a benefit of using SELinux inside a chroot jail?
Best Answer
Yes, it might be worth enforcing SELinux policies even in a container. One idea behind SELinux is to have a second line of defense, i.e. if some container (or chroot) breaks, a process within it might still not do what it wants - or, it may not even be able to break the container due to SELinux - or, it cannot even do something undesirable within the container/chroot.
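To check whether that second line of defense is actually in place on a host, the following added example (not part of the original answer) lists processes whose root directory is not `/` and reports the SELinux domain each one runs in. It assumes the standard Linux `/proc/<pid>/root` and `/proc/<pid>/attr/current` entries; treating `unconfined_t` and `unconfined_service_t` as "not confined" is a heuristic chosen for this example.

```python
import os

# Heuristic (assumption): domains the targeted policy leaves effectively unrestricted.
UNCONFINED_TYPES = {"unconfined_t", "unconfined_service_t"}

def selinux_type(context):
    """Return the type field of a 'user:role:type[:level]' context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def audit_chrooted(proc="/proc"):
    """List processes whose root directory is not '/', with their SELinux domain.

    Returns tuples (pid, root, context, confined). Reading another user's
    /proc/<pid>/root normally requires root privileges.
    """
    findings = []
    pids = sorted((e for e in os.listdir(proc) if e.isdigit()), key=int)
    for pid in pids:
        base = os.path.join(proc, pid)
        try:
            root = os.readlink(os.path.join(base, "root"))
        except OSError:
            continue  # process exited, or we lack permission
        if root == "/":
            continue  # not chrooted
        try:
            with open(os.path.join(base, "attr", "current")) as fh:
                context = fh.read().strip("\x00\n ")
        except OSError:
            context = ""  # SELinux disabled or attribute unreadable
        domain = selinux_type(context)
        # A chrooted process in an unconfined domain has only the chroot as a barrier.
        confined = domain is not None and domain not in UNCONFINED_TYPES
        findings.append((int(pid), root, context, confined))
    return findings

if __name__ == "__main__":
    for pid, root, context, confined in audit_chrooted():
        status = "confined" if confined else "NO SELinux confinement"
        print(f"{pid}\t{root}\t{context or '-'}\t{status}")
```

A chrooted process reported without confinement relies on the chroot alone; whether the system is enforcing at all can be confirmed separately with `getenforce`.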