Chapter 11. Security

This chapter covers

Learning how SELinux isolates container resources
Understanding security contexts and application permissions
Scanning container images for security issues
Using security context constraints
Analyzing OpenSCAP security scan reports

Each topic in this chapter is specific to security and to making OpenShift a secure platform for your applications. This chapter isn’t a comprehensive summary of OpenShift’s security features—that would take 100 pages or more and is a great idea for another OpenShift book. What we’ll do in this chapter is walk through the fundamentals of OpenShift security. We want to give you examples of what we think are the most crucial concepts, and we’ll do our best to point you in the right direction for the topics we don’t have room to cover.

We began discussing important security concepts and making OpenShift secure not long after page 1 of this book:

Chapter 11. Security

This chapter covers

11.1. Understanding SELinux core concepts

11.2. Investigating pod security contexts in OpenShift

11.3. Scanning container images

11.4. Annotating images with security information

11.5. Summary