Hi, forgottenbeast: > Greetings, > I've been following the announcements about tails server and I would > like to know if there are any plans regarding the support of docker > containers? > > The use case I am thinking about would be the ability to pull a docker > image and run it as a hidden service.
I don't think this is a bad idea, and I also thought about using docker for Tails Server before. I'm open for discussing it (and also other isolation methods). The current plan is to simply install services via Debian packages and monitor them using systemd. To reduce access to the rest of the system the plan is to use apparmor profiles and systemd security features. With docker I see two main problems: 1. The size of the docker images. The debian base image is > 100MB. Downloading this would increase both the service installation time and the requirements on the system's RAM. 2. The lack of trustworthy sources. For many services there are "public" images available, which, IIUC, can be created and maintained by anyone. Cheers _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
