Hi All ,
For one of our internal projects we wanted to evaluate the functionality below .
Can group member please share any input w.r.t below aspect can be
implemented or any pointers on same :
a) Is there any mechanism to generate an event / notification for
selinux denials
( like say we have an action which is denied , so instead of user
reading log
file if there is any notification mechanism which can be used )
b) If there is any mechanism to block calling of certain system call's
/ library calls .
( idea is to discourage certain instances of container to avoid calling some
predefined system call & library functions )
Any pointers or comments or feedback on these two points will be helpful .
Thanks ,
Ashish
