We want to stop systemd from being added to docker images, because of rpm requiring systemctl.
Reindl Harald
h.reindl at thelounge.net
Tue Apr 29 21:12:39 UTC 2014
Am 29.04.2014 23:09, schrieb Andrew Lutomirski:
> If you want to go down that path, set up selinux to prevent execing
> things that oughtn't to be execed. But trying to prevent exploits
> from working by removing every possible helper from the path is a
> losing proposition and is just not worth doing
defense in depth means you are doing *both*
defense in depth means limit the attack surface as much as you can
defense in depth means place security layers behind others to surive a failing one
defense in depth means disable and remove anything which is not needed for your tasks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140429/39cf50a8/attachment.sig>
More information about the devel
mailing list