We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Reindl Harald h.reindl at thelounge.net
Tue Apr 29 21:12:39 UTC 2014

Am 29.04.2014 23:09, schrieb Andrew Lutomirski:
> If you want to go down that path, set up selinux to prevent execing
> things that oughtn't to be execed.  But trying to prevent exploits
> from working by removing every possible helper from the path is a
> losing proposition and is just not worth doing

defense in depth means you are doing *both*
defense in depth means limit the attack surface as much as you can
defense in depth means place security layers behind others to surive a failing one
defense in depth means disable and remove anything which is not needed for your tasks

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140429/39cf50a8/attachment.sig>

More information about the devel mailing list