321 B
321 B
Exception
Although SELinux works through a labeling system where every file (including devices) receive a label, AppArmor works purely through policies without labels. However, openstack-ansible does configure several AppArmor policies to reduce the chances and impact of LXC container breakouts on OpenStack hosts.