CONTAINER HARDENING

This project will focus on hardening of Linux containers. It will help contribute patches to the Kernel Self Protection Project that evolve the primitives in the Linux kernel used by containers (namespaces, cgroups, etc) to be more secure. This will include brainstorming, designing and implementing ways to future proof namespaces et all in the kernel... Much like the Kernel Self Protection Project we think of security beyond fixing bugs. Fixing bugs is important and we will do that as well but the main value will come from finding ways to future proof namespaces with features that will eliminate undisclosed vulnerabilities. At this point, it is no longer enough to try to fix all the bugs within namespaces, we must try to find ways to make them more secure from the very foundation... We will also work to help educate people on how to use the features of Capabilities, Seccomp, AppArmor, and SELinux to harden their containers. We will try to find ways to make them more accessible to..