Major Hayden bfcf6c7423 Initial import of openstack-ansible-security role
This role contains around 150 controls from the 270+ controls that exist
in the RHEL 6 STIG. New controls are still being added.

Implements: blueprint security-hardening

Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
2015-10-07 07:27:39 -05:00

373 B

Although SELinux is available on Ubuntu 14.04, the policies aren't maintained as well as they are on Red Hat-based systems. The openstack-ansible has chosen to use the more Ubuntu-compatible Linux security module, AppArmor.

AppArmor roles are configured in openstack-ansible to limit the chances of container breakout and the potential damage done in case it does occur.