Presentations

Towards improving code integrity on Linux

We present a recipe for improving the code integrity of a container host based on Azure Linux, at scale on Microsoft Azure. From the perspective of a cloud provider, there is a serious need to protect the integrity of the container host runtime from tenant container workloads that require privileged access, without sacrificing performance or serviceability. One of the important ingredients is the Integrity Policy Enforcement (IPE) Linux Security Module, developed at Microsoft and accepted into the upstream Linux kernel in version 6.10.
