This. On RHEL (or Fedora or CentOS Stream), containers are confined by the container_t domain, and SELinux policy prevents them from interfering with host resources. In addition, each container runs with a unique set of MCS labels, which stops a rogue container from interfering with other containers.
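An added example, not part of the comment above: a small audit that takes the SELinux context of each container's main process (as `ps -eZ` prints it) and reports containers that are not in `container_t`, plus pairs whose MCS category sets do not separate them. The container names and labels are constructed sample data, and the category-superset test is a simplified model of the MCS dominance check that assumes a single sensitivity level.

```python
from itertools import combinations

# Constructed labels, as `ps -eZ` would show for each container's main process.
LABELS = {
    "web":   "system_u:system_r:container_t:s0:c112,c508",
    "cache": "system_u:system_r:container_t:s0:c37,c914",
    "batch": "system_u:system_r:container_t:s0:c112,c508",  # same pair as "web"
    "debug": "system_u:system_r:spc_t:s0",                  # not container_t
}

def parse_context(context):
    """Split user:role:type:level[:categories] into (type, category set)."""
    fields = context.split(":")
    if len(fields) < 4:
        raise ValueError(f"not an SELinux context: {context!r}")
    cats = set()
    for item in (fields[4].split(",") if len(fields) > 4 else []):
        lo, _, hi = item.partition(".")        # "c0.c3" is the range c0..c3
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        cats.update(range(lo_n, hi_n + 1))
    return fields[2], frozenset(cats)

def dominates(subject_cats, object_cats):
    """Simplified MCS check: the subject holds every category on the object."""
    return subject_cats >= object_cats

def audit(labels):
    """Return (names outside container_t, pairs not separated by MCS)."""
    parsed = {name: parse_context(ctx) for name, ctx in labels.items()}
    outside = sorted(n for n, (t, _) in parsed.items() if t != "container_t")
    confined = sorted(n for n in parsed if n not in outside)
    overlapping = [
        (a, b) for a, b in combinations(confined, 2)
        if dominates(parsed[a][1], parsed[b][1])
        or dominates(parsed[b][1], parsed[a][1])
    ]
    return outside, overlapping

if __name__ == "__main__":
    outside, overlapping = audit(LABELS)
    print("not confined by container_t:", outside)
    print("not separated by MCS:", overlapping)
```

A flagged pair is not always a misconfiguration, since containers that are meant to share content can be given the same categories on purpose.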