github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-04 08:26:42 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1977 from deitch/console-login

Browse Source 
Add getty pkg
This commit is contained in:
Justin Cormack
2017-06-07 23:15:47 +01:00
committed by GitHub
parent c49a5bea5b 5db7e6fe69
commit 09e6ff2e34
10 changed files with 229 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/security.md
View File

@@ -73,9 +73,12 @@ containers unintentionally expose themselves to attack vectors, immutability of
host attack.
## Login
By default, linuxkit has no login available: not on console, not via ssh, nowhere. You have the _option_ of enabling login on console using a `linuxkit/getty` service container, but it is not created by default. Similarly, a `linuxkit/sshd` service container will start a `sshd` for you. See the [getty](../examples/getty.yml) and [sshd](../examples.sshd.yml) examples.
## External Updates - Trusted Provisioning
Following the principle of least privilege for immutable infrastructure, LinuxKit cannot have the ability or attack surface
Following the principle of least privilege for immutable infrastructure, LinuxKit cannot have the ability or attack surface
to update itself. It is the responsibility of an external system, most commonly [infrakit](https://github.com/docker/infrakit), to provision
and update LinuxKit nodes.