|
|
Subscribe / Log in / New account

PostgreSQL considers seccomp() filters

PostgreSQL considers seccomp() filters

Posted Oct 1, 2019 19:56 UTC (Tue) by dezgeg (subscriber, #92243)
In reply to: PostgreSQL considers seccomp() filters by kfox1111
Parent article: PostgreSQL considers seccomp() filters

Never applying any updates sounds quite counterproductive from security point of view (which was the whole reason for the syscall filtering)...

to post comments

PostgreSQL considers seccomp() filters

Posted Oct 2, 2019 0:31 UTC (Wed) by kfox1111 (subscriber, #51633) [Link] (1 responses)

Your assuming updates need to be applied from within, rather then from without.

You don't upgrade the contents of a container. You launch an upgraded container.

PostgreSQL considers seccomp() filters

Posted Oct 25, 2019 5:45 UTC (Fri) by ssmith32 (subscriber, #72404) [Link]

This is generally a good idea - but I find the fixed-state model of containers, that works well for well-designed useful, but simple (in a good way) services inflicts a lot of pain when you apply it to a service whose main point is to manipulate complex state in complex ways.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds