Microsoft Enables SELinux By Default For CBL-Mariner Linux Distro
Saturday's CBL-Mariner 1.0 March 2022 Update 2 release has CVE fixes affecting Ruby, PostgreSQL, OpenSSL, Rust, FreeType, libxml2, Node.js, and OpenJDK.
In addition to the security fixes, the most notable change with this new update is SELinux being enabled by default on all images. Last year Microsoft added SELinux to CBL-Mariner but it was not enabled by default. Now with this latest release, Security Enhanced Linux is there by default to further secure this Microsoft Linux OS.
This new CBL-Mariner additionally makes changes around automatically restarting containerd services 10 seconds after a crash and modifying the toolkit to use local /run folder in chroot instead of mounted TMPFS file-system.
Downloads and more details on this new CBL-Mariner release from Microsoft via GitHub.