[Container-tools] [Devtools] openshift is way too permissive in the CDK/ADB

Clayton Coleman ccoleman at redhat.com
Wed May 18 18:48:12 UTC 2016


Mostly that it's still experimental, will probably be enabled but not
considered "secure" in OpenShift 3.3 on Docker 1.10, and we're still
working to add the right controls and get soak time so that by the
time we get to Docker 1.12/1.13 we can say "it's actually secure".

On Wed, May 18, 2016 at 2:46 PM, Hardy Ferentschik <hferents at redhat.com> wrote:
> Hi,
>
> On Wed, 18-May-2016 07:10, Clayton Coleman wrote:
>> It was a deliberate choice, predicated on other changes coming to
>> Docker (user namespaces) plus the desire to ensure demos run.
>>
>> Ultimately, the CDK is a playground.  Putting up chain link fences
>> around the playground sends the wrong message.
>>
>> I'd prefer to have it easier to go between the levels in the short
>> term than to ratchet it back.
>
> +1 to all the above.
>
> My understanding was anyways that with the upcoming user namespaces
> things would change and the problem would "go away". Where do things
> stand regarding this feature?
>
> --Hardy
>



