<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 2 March 2015 at 08:03, Mauricio Tavares <span dir="ltr"><<a href="mailto:raubvogel@gmail.com" target="_blank">raubvogel@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">.<br>
><br>
> That said, containers on Linux are not really about security, the<br>
> whole thing has more holes than a swiss cheese. Maybe one day the<br>
> security holes can be fixed, but as of now, it's simply not<br>
> secure. And this "information leak" is certainly the least of your<br>
> problems...<br>
><br>
</div></div> What would then be the recommended solution if containers are insecure?<br>
<div class="HOEnZb"><div class="h5"><br></div></div></blockquote><div><br></div><div><br></div><div>insecure/secure are the wrong words as they treat a spectrum as binary. All computers are insecure by various definitions (even the ones inside of 10 feet of concrete at the bottom of the ocean). The issue is what risks and problems are you willing to trade for certain benefits. If you ignore that there are risks and problems you end up with a world of hurt later, but if you don't accept any risks/problems you can never have any solution. [fully virtualized has its own problems and ways to be 'escape' that have to be mitigated and watched. the base computer has so many external controllers which might be risks that it is basically virtualized, etc.]</div><div><br></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">
> Lennart<br>
><br>
> --<br>
> Lennart Poettering, Red Hat<br>
> --<br>
> devel mailing list<br>
> <a href="mailto:devel@lists.fedoraproject.org">devel@lists.fedoraproject.org</a><br>
> <a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/devel</a><br>
> Fedora Code of Conduct: <a href="http://fedoraproject.org/code-of-conduct" target="_blank">http://fedoraproject.org/code-of-conduct</a><br>
--<br>
devel mailing list<br>
<a href="mailto:devel@lists.fedoraproject.org">devel@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/devel</a><br>
Fedora Code of Conduct: <a href="http://fedoraproject.org/code-of-conduct" target="_blank">http://fedoraproject.org/code-of-conduct</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Stephen J Smoogen.<br><br></div></div>
</div></div>