Author: segfault Date: To: tails-dev, forgottenbeast Subject: Re: [Tails-dev] Tails Server docker support
Hi,

forgottenbeast:
> Greetings,
> I've been following the announcements about tails server and I would
> like to know if there are any plans regarding the support of docker
> containers?
>
> The use case I am thinking about would be the ability to pull a docker
> image and run it as a hidden service.

I don't think this is a bad idea, and I also thought about using docker
for Tails Server before. I'm open to discussing it (and also other
isolation methods). The current plan is to simply install services via
Debian packages and monitor them using systemd. To reduce access to the
rest of the system the plan is to use AppArmor profiles and systemd
security features.

With docker I see two main problems:

1. The size of the docker images. The Debian base image is > 100MB.
Downloading this would increase both the service installation time and
the requirements on the system's RAM.
2. The lack of trustworthy sources. For many services there are "public"
images available, which, IIUC, can be created and maintained by anyone.