I have a question about SELinux (or other Mandatory Access Control) and Docker.
Docker provides an isolation of resources, so why is it so important to add some MAC?
(I am talking about Docker technology and its relation with the host only, not the protection of the host itself.)
To be more clear:
I know it’s possible that we will discover some new bugs in namespace system, and MACs (like SELinux) can act as “second line of protection” in order to ensure isolation.
But is this all? Just a redundancy?
Or can the use of this additional security provide some interesting feature or functionality?
In the last case, can you link me something about that?
Thank you for your time