In this final entry for the container security series, we'll look at network traffic control for containers running in Red Hat OpenShift…read full post

In our last post we talked about using Multi-Category Security (MCS) instead of Multi-Level Security (MLS) to provide isolation on systems with different levels of…read full post

In this post, we look at Control-Flow Integrity (CFI) protection implemented by the Clang compiler for x86_64 architecture…read full post

Red Hat’s virtualization ecosystem consists of QEMU, an emulator, and Linux's Kernel-based Virtual Machine (KVM), an in-kernel driver along with many other software projects that…read full post

In our last post, we discussed SELinux and how it can be used to improve container security. We also looked at the Multi-Level Security (MLS)…read full post

An optimizing compiler is one that tries to maximize some attributes of an executable program at the expense of other attributes. Most modern compilers support…read full post

This post looks at the vulnerability discovered in the Datagram Transport Layer Security (DTLS) found in GnuTLS recently…read full post

In the first of a four-part series, we will look at how containers can be isolated from the host system and each other…read full post

This post explains how to customize crypto policies in Red Hat Enterprise Linux 8.2…read full post

If you're pulling Linux container images by their "short name" you may be at risk. This post explains how to use the fully qualified name…read full post