[–] yrro@alien.top 1 points 1 year ago

This. On RHEL (or Fedora or CentOS Stream) containers are confined by the container_t domain and SELinux policy prevents them from interfering with host resources. In addition, each container runs with a unique set of MCS labels, which stops a rogue container from interfering with other containers.
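An audit of the two properties described in the comment above, as an added example that is not part of the original post: it parses container process labels and reports any container outside `container_t` or any pair whose MCS categories do not separate them. The container names, labels and function names are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed "container-name process-label" pairs; not taken from a real host.
SAMPLE = """\
web    system_u:system_r:container_t:s0:c124,c675
db     system_u:system_r:container_t:s0:c311,c902
cache  system_u:system_r:container_t:s0:c311,c902
debug  system_u:system_r:spc_t:s0
"""

LABEL_RE = re.compile(r"^[^:]+:[^:]+:([^:]+):s\d+(?::(.+))?$")

def parse_label(label):
    """Return (type, frozenset of MCS category numbers) for an SELinux context."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"not an SELinux context: {label!r}")
    cats = set()
    for part in filter(None, (m.group(2) or "").split(",")):
        if "." in part:  # range form, e.g. c0.c3 means c0,c1,c2,c3
            lo, hi = (int(c[1:]) for c in part.split("."))
            cats.update(range(lo, hi + 1))
        else:
            cats.add(int(part[1:]))
    return m.group(1), frozenset(cats)

def audit(text):
    """Return (subject, problem) findings for the two properties in the comment."""
    parsed = {}
    for line in text.splitlines():
        if line.strip():
            name, label = line.split()
            parsed[name] = parse_label(label)
    findings = []
    # Property 1: every container is confined by the container_t domain.
    for name, (setype, cats) in parsed.items():
        if setype != "container_t":
            findings.append((name, f"runs as {setype}, not container_t"))
        elif not cats:
            findings.append((name, "container_t without MCS categories"))
    # Property 2: no container's category set may dominate (be a superset of)
    # another's, otherwise MCS does not separate the two.
    for (a, (ta, ca)), (b, (tb, cb)) in combinations(parsed.items(), 2):
        if ta == tb == "container_t" and ca and cb and (ca >= cb or cb >= ca):
            findings.append((f"{a}/{b}", "one MCS category set dominates the other"))
    return findings
```

Calling `audit(SAMPLE)` reports the `debug` container and the `db`/`cache` pair; `web` and `db` pass because neither category set contains the other.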