Monday, June 6, 2022

Making Containers More Secure With eBPF And Linux Security Modules (LSM)




lockc is open source software that provides a MAC (Mandatory Access Control) type of security audit for container workloads.

The main reason lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about the host OS and provide ways to "break out" of the container. lockc aims to provide more isolation to containers and make them more secure.

The "Containers do not contain" documentation section explains what we mean by that phrase and what kind of behavior we want to restrict with lockc.

The main technology behind lockc is eBPF – to be more precise, its ability to attach to LSM hooks.
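Attaching eBPF programs to LSM hooks only works on a kernel built with `CONFIG_BPF_LSM` and booted with `bpf` in its active LSM list. The following host check is an added example, not part of lockc; the function name `bpf_lsm_status` and the default config path `/boot/config-$(uname -r)` are assumptions.

```shell
#!/bin/sh
# Report whether eBPF programs can be attached to LSM hooks on this host.
# Added example, not lockc code. Both arguments are optional:
#   $1  file holding the active LSM list (default /sys/kernel/security/lsm)
#   $2  kernel build config (default /boot/config-$(uname -r), an assumption;
#       some distributions keep the config elsewhere)
# Prints one word and sets the exit status:
#   ready (0) | inactive (1) | not-compiled (2) | unknown (3)
bpf_lsm_status() {
    lsm_file=${1:-/sys/kernel/security/lsm}
    config_file=${2:-/boot/config-$(uname -r)}
    active=unknown

    # The active list is comma-separated, e.g. "lockdown,capability,apparmor,bpf".
    # Wrap it in commas so "bpf" only matches as a whole entry.
    if [ -r "$lsm_file" ]; then
        case ",$(tr -d '[:space:]' < "$lsm_file")," in
            *,bpf,*) echo ready; return 0 ;;
            *) active=no ;;
        esac
    fi

    # Not active, or the list is unreadable: was the BPF LSM built at all?
    if [ -r "$config_file" ] && ! grep -q '^CONFIG_BPF_LSM=y' "$config_file"; then
        echo not-compiled; return 2
    fi

    # The list was readable and has no "bpf" entry, so it is not active.
    # If the kernel has it built in, add "bpf" to the lsm= boot parameter.
    if [ "$active" = no ]; then
        echo inactive; return 1
    fi

    # securityfs not mounted or not readable, and no evidence from the config.
    echo unknown; return 3
}
```

Call `bpf_lsm_status` with no arguments on the container host; anything other than `ready` means LSM-attached eBPF programs will not enforce policy there.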

Please note that lockc is currently an experimental project, not meant for production environments and without any official binaries or packages to use – currently the only way to use it is building from sources.

See the full documentation here. And the code documentation here.

If you need help or want to talk with contributors, please come chat with us on the #lockc channel on the Rust Cloud Native Discord server.

lockc's userspace part is licensed under the Apache License, version 2.0.

eBPF programs inside the lockc/src/bpf directory are licensed under the GNU General Public License, version 2.


