We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Martin Langhoff martin.langhoff at gmail.com
Tue Apr 29 21:27:35 UTC 2014


On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald <h.reindl at thelounge.net> wrote:

> defense in depth means limit the attack surface as much as you can
>

As folks are trying to point out to you, these principles are well
understood in this group.

However, _any minimally usable environment will have a scripting engine_ --
/bin/sh, python, and having _any_ of those general purpose tools available
is enough for the attacker.

On your own machines, you might gain some (limited) advantage removing some
of them.

Fedora and its derivatives, OTOH, are a large enough target that it's
worthwhile for attackers to tailor attacks to it. So removing some tools won't do
much, and removing _all_ tools will ruin everyone's day.



m
-- 
 martin.langhoff at gmail.com
 - ask interesting questions
 - don't get distracted with shiny stuff
 - working code first
 ~ http://docs.moodle.org/en/User:Martin_Langhoff