github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-04 00:18:53 +00:00
Code Issues Projects Releases Wiki Activity

Add getty pkg

Browse Source 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
This commit is contained in:
Avi Deitcher
2017-06-05 20:43:25 +03:00
parent 4b60965990
commit 5db7e6fe69
10 changed files with 229 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/security.md
View File

@@ -73,9 +73,12 @@ containers unintentionally expose themselves to attack vectors, immutability of
host attack.
## Login
By default, linuxkit has no login available: not on console, not via ssh, nowhere. You have the _option_ of enabling login on console using a `linuxkit/getty` service container, but it is not created by default. Similarly, a `linuxkit/sshd` service container will start a `sshd` for you. See the [getty](../examples/getty.yml) and [sshd](../examples.sshd.yml) examples.
## External Updates - Trusted Provisioning
Following the principle of least privilege for immutable infrastructure, LinuxKit cannot have the ability or attack surface
Following the principle of least privilege for immutable infrastructure, LinuxKit cannot have the ability or attack surface
to update itself. It is the responsibility of an external system, most commonly [infrakit](https://github.com/docker/infrakit), to provision
and update LinuxKit nodes.