{"id":"rhel9-defense-in-depth-container-isolation","text":"RHEL 9 containers operate within a defense-in-depth security stack where per-container MCS categories (assigned by container-selinux) provide inter-container isolation, layered on top of SELinux type enforcement, firewalld network controls, system-wide crypto policies, and continuous audit logging — meaning container breakout must defeat not just the container boundary but every surrounding security layer.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"rhel9-defense-in-depth-container-isolation","truth_value":"IN","reason":"premise"}]}}