Using a Different LSM from the Host in a Container - John Johansen, Canonical Forum 1 Speakers: John Johansen Despite containers being in broad use, there are still use cases where containers can not make use of Linux Security Modules (LSMs) in the way they would like. Particularly challenging is the case where the container would like to make use of a different LSM from what the host is using. This presentation will cover the challenges, pitfalls, and solutions encountered while enabling the AppArmor LSM to be used by a container while the host uses a different LSM. It will focus in particular on running snappy application and LXD systems containers leveraging AppArmor on a host using SELinux or Smack, and discuss why the inverse is currently more difficult.
