We want to stop systemd from being added to docker images, because of rpm requiring systemctl.
linux at cmadams.net
Tue Apr 29 19:17:24 UTC 2014
Once upon a time, Reindl Harald <h.reindl at thelounge.net> said:
> wrong question - is /bin/sh used?
> if the answer is yes then the anser to your question is no
> the point is remove anything *unneeded* from production systems
> that are best practices for many years and for good reasons
No, the point is that "remove a bunch of stuff to 'secure' the system"
is not security, and should not be claimed that it is being done for
'security'. If you have bash as /bin/sh (as a 'standard' Fedora system
does), you don't need wget/curl to download stuff for example.
Can you lock that down more? Sure, you can remove network access,
remove local write access, etc. However, that is separate from removing
arbitrary binaries from the system/image. Removing non-privileged
binaries from the image does _nothing_ for security (as claimed
Chris Adams <linux at cmadams.net>
More information about the devel