[caasp-beta] Antw: Re: Antw: Re: Antw: Re: tcpdump
Martin Weiss
Martin.Weiss at suse.com
Thu Dec 7 07:56:17 MST 2017
>>>> An other approach for all that debugging purposes could be to use a special
>>>> docker image / docker container that delivers all the trouble shooting tools
>>>> required and run that with proper elevated rights..
>
> That is either complex, as the container has not all capabilities needed
> for proper debugging purposes, or a security nightmare, or most probably
> both.
>
Yes - there is security and complexity assigned - but installing all the required debug packages on all the servers might be even worse from a security point of view and they might not be even part of the CaaSP delivery channels.
Advantage of a debug container is that it can be added on demand and cleanup is fully automated.. when installing all the debug packages these are a security problem while they are installed and the also need to be upgraded / patched etc.
So both ways have their pros and cons ;-)
Martin
More information about the caasp-beta
mailing list