Containers would like to be able to make use of Linux Security Modules (LSMs), from providing more complete system virtualization to improving container confinement. To date containers access to the LSM has been limited but there has been work to change the situation.

This presentation will discuss the current state of LSM stacking and namespacing. The work being done on various security modules to support namespacing, the infrastructure work being done to improve the LSM, an examination of the remaining problems, and provide a demo of a container leveraging LSM stacking so that the host is using a different security module than that of the container.