On Mon, Feb 22, 2016 at 9:54 AM, Courtney Pacheco <cpacheco@xxxxxxxxxx> wrote: > Hi everyone, > > I've spent some time trying to minimize the footprint of the Fedora docker > base image. Overall, I managed to reduce its size by 39.9%. Thanks for doing this. It is great to see someone working on minimization. > A summary of the work I did can be found here: > https://gist.github.com/iamcourtney/1a4af7c4289014f57080 > > If you're interested, you can find a more detailed version of the above work > here: https://gist.github.com/iamcourtney/b8709ed897b7ecc9ac0f > > I essentially looked at which packages were being installed to the base > image and tried to determine which of those packages could be turned into > weak dependencies and which of those packages we could possibly break up. > > If possible, I'd like some feedback on the work I did. Comments and > criticism are more than welcomed! I realize there may be some controversy in > terms of what I chose to remove and what I chose to turn into weak > dependencies, but I would like to hear your thoughts either way. On the "Kernel Packages" section, I tend to agree that kmod and kmod-libs likely don't make sense in a docker container. However, libseccomp should likely remain. The library is there to make use of the in-kernel seccomp functionality, and systemd and other applications use it to limit their syscall interface to the kernel. This reduces the potential attack surface, and in essence at least helps containers actually contain. josh -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx