On Sun, 2016-07-10 at 17:11 +0200, Ralf Mardorf wrote:
> Hi,
>
> there's an interesting counter-argument against something similar to
> snapcraft/snappy.
>
> https://lists.archlinux.org/pipermail/arch-general/2016-July/041579.html
>

That's the security team going off into la-la land with a bunch of overblown wargarble. Basically, containers completely, 100% perfectly isolate software on the system from other software execution environments. That means the file system, devices, network stacks (tcpdump!), and so forth are all as reachable as if you're on another machine. The security team points out that a kernel-level exploit will allow you to route around this. They take that observation to mean that containers supply zero security, and that a compromise in a container is a system-level compromise.

To follow that logic completely: there's no such thing as security anyway, because Linux has to accept a TCP packet into its network stack to even look at it in iptables, thus any network-reachable machine is already compromised.

The argument from the security team essentially fails to create risk models and assess the probability and severity of the compromises they describe. Instead of recognizing, categorizing, and accounting for those risks, they just run around flailing their arms and screaming that the sky is falling into the face of every passer-by to whom they can get close enough. Whoever wrote that message isn't qualified to handle computer security concerns.

> I guess snapcraft/snappy and anything similar could be useful, but
> indeed, IMO those are good reasons to not become too much used to this
> approach.
>
> Regards,
> Ralf

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss