Is systemd within a Docker container still recommended?

Stephen John Smoogen smooge at
Mon Mar 2 15:43:00 UTC 2015

On 2 March 2015 at 08:03, Mauricio Tavares <raubvogel at> wrote:

> .
> >
> > That said, containers on Linux are not really about security, the
> > whole thing has more holes than a swiss cheese. Maybe one day the
> > security holes can be fixed, but as of now, it's simply not
> > secure. And this "information leak" is certainly the least of your
> > problems...
> >
>       What would then be the recommended solution if containers are
> insecure?

insecure/secure are the wrong words as they treat a spectrum as binary. All
computers are insecure by various definitions (even the ones inside of 10
feet of concrete at the bottom of the ocean). The issue is what risks and
problems are you willing to trade for certain benefits. If you ignore that
there are risks and problems you end up with a world of hurt later, but if
you don't accept any risks/problems you can never have any solution. [fully
virtualized has its own problems and ways to be 'escape' that have to be
mitigated and watched. the base computer has so many external controllers
which might be risks that it is basically virtualized, etc.]

> Lennart
> >
> > --
> > Lennart Poettering, Red Hat
> > --
> > devel mailing list
> > devel at
> >
> > Fedora Code of Conduct:
> --
> devel mailing list
> devel at
> Fedora Code of Conduct:

Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the devel mailing list