http://wiki.infrazone.cc/ 2026-04-19T17:05:00+00:00 http://wiki.infrazone.cc/ http://wiki.infrazone.cc/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2026-04-13T20:40:27+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.infrazone.cc/doku.php?id=bookstack:work:drivesec:docker&rev=1776112827&do=diff Docker Useful resources Building docker images  How does the docker cache works  Multi stages build use cases  Buildkit Cach Mount text/html 2026-04-13T20:40:27+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.infrazone.cc/doku.php?id=bookstack:work:drivesec:docker_ql1&rev=1776112827&do=diff Docker https://github.com/krallin/tini text/html 2026-04-13T20:40:27+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.infrazone.cc/doku.php?id=bookstack:work:drivesec:framework_architecture&rev=1776112827&do=diff Framework Architecture Used languages For modules that require the use of Docker (and therefore the use of Docker APIs), Go and Python can be considered. This is because they are the only two languages for which official SDKs are provided. There are unofficial libraries available for other programming languages, but they rely on the fact that Docker provides REST APIs on a Unix socket. text/html 2026-04-13T20:40:27+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.infrazone.cc/doku.php?id=bookstack:work:drivesec:qa&rev=1776112827&do=diff Q/A 10/10/2023 SELinux:      D: Multi Level Security può essere una buona tecnologia per il nostro Use case?     R: Multi Level Security è una modalità di utilizzo di SELinux in cui le possibilità di configurazione esplodono: ad ogni soggetto (processo) e ogni oggetto (file, socket, text/html 2026-04-13T20:40:27+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.infrazone.cc/doku.php?id=bookstack:work:drivesec:selinux&rev=1776112827&do=diff SELinux Procfs In order to protect the system against memory dumps, it is needed limit access to minimum as possible to /proc. This folder contains a pseudo-filesystem which provides which provides an interface to kernel data structures^[1]. Doing some basic test, SELinux define a protection against non-owned processes. An user, even if escalated to root, cannot access to root processes, because of SELinux labels. text/html 2026-04-13T20:40:27+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.infrazone.cc/doku.php?id=bookstack:work:drivesec:todos&rev=1776112827&do=diff TODOS * ☒ SELinux * ☒ Multi Level Security * ☒ Ram Security - Protect against memory dumps * ☒ Test catalog / test execution: Understand if it is possible to parallelize the work in two context * ☒ Analyze which language can run with docker / ECR / registry * ☒ Download box configurations directly from Box instead of having local files