Is systemd within a Docker container still recommended?

Stephen John Smoogen smooge at gmail.com
Mon Mar 2 15:43:00 UTC 2015


On 2 March 2015 at 08:03, Mauricio Tavares <raubvogel at gmail.com> wrote:

> >
> > That said, containers on Linux are not really about security, the
> > whole thing has more holes than a swiss cheese. Maybe one day the
> > security holes can be fixed, but as of now, it's simply not
> > secure. And this "information leak" is certainly the least of your
> > problems...
> >
>       What would then be the recommended solution if containers are
> insecure?
>
>

Insecure/secure are the wrong words, as they treat a spectrum as binary. All
computers are insecure by various definitions (even the ones inside of 10
feet of concrete at the bottom of the ocean). The issue is what risks and
problems you are willing to trade for certain benefits. If you ignore that
there are risks and problems you end up with a world of hurt later, but if
you don't accept any risks/problems you can never have any solution. [Fully
virtualized has its own problems and ways to be 'escaped' that have to be
mitigated and watched. The base computer has so many external controllers
which might be risks that it is basically virtualized, etc.]



> Lennart
> >
> > --
> > Lennart Poettering, Red Hat
> > --
> > devel mailing list
> > devel at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/devel
> > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



-- 
Stephen J Smoogen.