Date: Thu, 20 Jul 2017 15:04:30 -0400
From: Jesse Hertz <jesse_hertz@...le.com>
To: oss-security@...ts.openwall.com
Subject: Re: CoreOS membership to linux-distros (updated)

Additionally, Docker doesn't maintain a kernel distribution, whereas OpenVZ does, making this request strange to say the least.

I also think it's disingenuous to imply there's "one patch" that divides a secure containerization system from another. Container/Kernel security is... quite complicated to say the least.

> On Jul 20, 2017, at 6:42 AM, Greg KH <greg@...ah.com> wrote:
>
> On Thu, Jul 20, 2017 at 07:13:03AM +0300, gremlin@...mlin.ru wrote:
>> On 2017-07-18 14:56:23 -0700, Euan Kemp wrote:
>>
>>> I've listed each criterion and why I think we, the Container
>>> Linux team at CoreOS, qualify.
>>>
>>>
>>>> 1. Be an actively maintained Unix-like operating system distro
>>>> with substantial use of Open Source components
>>> All components of the distro are open source, as are all the
>>> tools used to build it.
>>
>> Prior to any decision to be made, I'd ask you to show the kernel
>> patch which you use to avoid escaping from the container to host
>> system (Docker allows such escape, OpenVZ does not). Could you,
>> please, show it?
>
> All of CoreOS's kernel patches are public, here's their latest branch:
> https://github.com/coreos/linux/tree/v4.12.2-coreos
>
> But what does a specific kernel patch have to do with linux-distro's
> membership requirements?
>
> confused,
>
> greg k-h