Re: CoreOS membership to linux-distros (updated)

[Jesse Hertz <jesse_hertz () apple com>]

Additionally, Docker doesn't maintain a kernel distribution, whereas OpenVZ does, making this request strange to say 
the least.

I also think its disingenuous to imply there's "one patch" that divides a secure containerization system from another. 
Container/Kernel security is... quite complicated to say the least.
> On Jul 20, 2017, at 6:42 AM, Greg KH <greg () kroah com> wrote:
>
> On Thu, Jul 20, 2017 at 07:13:03AM +0300, gremlin () gremlin ru wrote:
> > On 2017-07-18 14:56:23 -0700, Euan Kemp wrote:
> >
> > > I???ve listed each criterion and why I think we, the Container
> > > Linux team at CoreOS, qualify.
> > >
> > >
> > > > 1. Be an actively maintained Unix-like operating system distro
> > > > with substantial use of Open Source components
> > > All components of the distro are open source, as are all the
> > > tools used to build it.
> >
> > Prior to any decision to be made, I'd ask you to show the kernel
> > patch which you use to avoid escaping from the container to host
> > system (Docker allows such escape, OpenVZ does not). Could you,
> > please, show it?
>
> All of CoreOS's kernel patches are public, here's their latest branch:
>       https://github.com/coreos/linux/tree/v4.12.2-coreos
>
> But what does a specific kernel patch have to do with linux-distro's
> membership requirements?
>
> confused,
>
> greg k-h

Attachment: signature.asc
Description: Message signed with OpenPGP