One thing I always look into when deploying Linux distributions is whether they ship a configured LSM out of the box (SELinux, or AppArmor mostly).

But I'm wondering how important this is, really. I've been trying to find examples of real-world (so not purely theoretical) exploits and issues which have cropped up over the years which ended up not being effective against systems with a proper LSM deployed.

It seems like SELinux mitigated a container vulnerability [back in 2017](https://www.redhat.com/en/blog/selinux-mitigates-container-vulnerability), and then another one [in 2019](https://www.redhat.com/en/blog/latest-container-exploit-runc-can-be-blocked-selinux).

Searching for these examples is quite challenging because I'm just running into vulnerability reports for SELinux and AppArmor themselves, and not examples of vulnerabilities which they were able to mitigate or protect against.

Does anyone else have any good examples of this?

submitted by /u/PusheenButtons