Show HN: Self-contained Redis server(github.com) |
Show HN: Self-contained Redis server(github.com) |
libcontainer explicitly doesn't claim security as a feature, so you aren't getting real security wins by doing this, especially when you can put a static redis process in cgroups and limit it down with SELinux or similar anyways, and the packaging/distribution workflow is pretty much the same as pushing a static redis around.
I feel like I'm missing something; can the author or some other knowledgable soul point out the upsides of packaging a service like this?