Software security needs reflection
In a world hurtling forward at breakneck speed, software security depends on the developer's ability to stop and reflect on the code
Apr 21

Kubernetes and Smack: doing it without recompilation
In this blog post M. Milev shows how to use the Linux security module Smack with containerd and runc without recompilation
Oct 8, 2021

Kubernetes authentication using SAML2.0
In this blog post Mihail Milev presents a simple way to enable SAML2.0 authentication for the Kubernetes endpoint
Jul 26, 2021

Securing Kubernetes with SMACK — solving the problems of the PoC
In this follow-up post, Mihail Milev refines his Kubernetes SMACK PoC and introduces code patches for making your own, secure K8s cluster
Jul 5, 2021

Using SMACK to secure K8s containers and nodes — a proof of concept
In this post Mihail Milev demonstrates a proof of concept for securing Kubernetes containers and nodes using the SMACK Linux Security…
Jun 28, 2021

Solving AppArmor’s change_onexec
In this post Mihail Milev shows how to solve AppArmor’s block of change_onexec operations
May 6, 2021

SELinux is not hard. SELinux is hard to understand
In this article Mihail Milev tries to eliminate the myth, that SELinux is hard and offers a simple look at how it works
Apr 4, 2021

No pod to pod communication on CentOS 8, Kubernetes with Calico
The explanation why there is no pod to pod communication in Kubernetes with Calico CNI on top of CentOS 8 and how to solve the problem
Mar 8, 2021

Conditional Playbook Import in Ansible
How to import playbooks in Ansible using variables in var files using jinja2
Feb 10, 2021

Mitigating malware risks with SELinux
Simple real-life scenario how SELinux could help mitigate the risk of malware or ransomware on a Linux machine
Feb 2, 2021