Hi!

On Fri, Feb 27, 2015 at 10:38:34AM -0600, Alex Brandt wrote:
> Somewhat sarcastic but actually true. I don't recommend running
> production applications inside of Gentoo based containers.

This makes sense for Gentoo, but my question was CC: to this list not as
off-topic: my host will be Hardened Gentoo, so the kernel used by the docker
images will support GrSecurity & PaX, and I want to have the protection
provided by hardened gcc for the binaries run inside the docker images.

> I highly recommend making containers as small as possible. That
> means using statically linked executables and removing all
> traces of what we know as a distribution. Production containers
> should not be based on Gentoo images.

Okay, not sure why it's so important, but this doesn't change anything:
these statically linked executables without any traces of Gentoo should still
be compiled with hardened gcc.

> docker pull ${NEW_IMAGE}

So, what should $NEW_IMAGE be to let me get a small, nice image with
up-to-date binaries built with hardened gcc? :-)

-- 
WBR, Alex.
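An added example, not part of this thread: whatever $NEW_IMAGE turns out to be, the question "did hardened gcc/ld actually build these binaries?" can be answered per file by reading the ELF program headers, which survive static linking and stripping. The function and helper names (elf_hardening, build_sample) are my own, and the two sample ELF images are constructed inline rather than taken from any real image.

```python
import struct

# ELF constants (from the ELF spec / elf.h)
ET_EXEC = 2                 # fixed-address executable (not PIE)
ET_DYN = 3                  # shared object or PIE executable
PT_GNU_STACK = 0x6474E551   # stack permissions requested from the loader
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X = 0x1

def elf_hardening(data: bytes) -> dict:
    """Report the loader-visible hardening an ELF64 image carries.

    Only program headers are inspected, so this works on static, stripped
    binaries: PIE (ET_DYN), non-executable stack (PT_GNU_STACK without PF_X)
    and RELRO (PT_GNU_RELRO present). Stack canaries and FORTIFY_SOURCE need
    symbol inspection and are deliberately not covered here.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    nx_stack = False   # a missing PT_GNU_STACK means an executable stack on Linux
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(end + "II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack, "relro": relro}

def build_sample(e_type: int, phdrs) -> bytes:
    """Construct a minimal little-endian ELF64 image (header + program headers).
    It is not loadable; it is just enough structure for elf_hardening()."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + body

# Constructed samples: the layout a hardened toolchain produces (PIE, RW stack,
# RELRO) beside a plain non-PIE build with an executable stack and no RELRO.
HARDENED = build_sample(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
WEAK = build_sample(ET_EXEC, [(PT_GNU_STACK, 0x7)])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:          # e.g. binaries copied out of an image
        with open(path, "rb") as f:
            print(path, elf_hardening(f.read()))
```

Run it against the files copied out of a candidate image (docker cp) to see which ones lack PIE, NX stack or RELRO before trusting the image's build flags.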