Articles

Articles, Blog, Podman

Why does SELinux container policy allow all Linux capabilities?

August 22, 2023

I recently had a discussion in a container-selinux issue on why we allow certain capabilities by default for containers. The conversation is around DAC_OVERRIDE, a Linux capability which allows privileged processes, usually root, to ignore ownership and read/write permissions Discretionary Access Control (DAC). “As @wrabcak notes in Why do you see DAC_OVERRIDE SELinux denials?, In…
Read more: Why does SELinux container policy allow all Linux capabilities?
Articles, Blog, Podman

Podman v4.6 Introduces Podmansh: A Revolutionary Login Shell

August 9, 2023

Introduction In the ever-evolving landscape of container technology, Podman’s latest version, v4.6.0, includes a feature that promises to be a game-changer for system administrators: Podmansh. A login shell that leverages Podman’s robust container management capabilities. Podmansh is set to redefine the way users interact with systems, while ensuring maximum security and control for administrators. Why…
Read more: Podman v4.6 Introduces Podmansh: A Revolutionary Login Shell
Articles, Blog, Podman

Podman Performance: Root and Rootless

July 3, 2023

One of the frequent complaints I hear from users moving to Podman is about performance. I’ve always found this confusing, as the Podman team has spent significant time and effort on improving our performance, and we are quite confident that our speed is broadly comparable to Docker. Indeed, an academic paper found that Podman was…
Read more: Podman Performance: Root and Rootless

Containers

Articles

Why does SELinux container policy allow all Linux capabilities?

Podman v4.6 Introduces Podmansh: A Revolutionary Login Shell

Podman Performance: Root and Rootless

Subscribe

Latest news

Categories

Search