
Re: docker.io wheezy-backport



On 09/02/14 17:41, Miguel Landaeta wrote:
> During this weekend I was playing with Docker and since I noticed 
> there are no backports for stable right now, I decided to try to 
> backport it.

Does it need a newer kernel/LXC than what's in wheezy for it to be secure?

<http://blog.bofh.it/debian/id_413> was a couple of years ago, so I
hope that improvements in the kernel mean it's no longer valid... but
I haven't seen anything specifically say that it isn't.

Similarly,
<https://wiki.gentoo.org/wiki/LXC#MAJOR_Temporary_Problems_with_LXC_-_READ_THIS>
and <https://wiki.ubuntu.com/UserNamespace> seem relevant, although
they are hopefully just outdated.

<http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/>
claims that the warning given in the Gentoo article is not relevant to
Linux 3.8+, but wheezy only has 3.2.

Depending on a newer kernel is awkward, unfortunately. Perhaps it'd be
worth discussing this with the Debian kernel maintainers.

    S

