On Wed, 2013-09-11 at 12:01 -0400, Matthew Miller wrote:

> So, idea one is to make something like CoreOS (http://coreos.com/): a
> lightweight distribution made for running containers on top of. We wouldn't
> attempt to be _as_ lightweight as CoreOS (for that, there's CoreOS), but aim
> to be small while still providing key features like SELinux.

How SELinux would work in a coreos/container deployment setup is an interesting question. One could imagine docker containers coming with policy modules, but that ends up tying them to a specific host version, which is kind of against the point of containers.

More realistically I think one would have a relatively permissive domain (generic_container_t), and use something like MCS labels to restrict the flow of information between containers and the host.

> Perhaps this
> could be built with Colin Walter's OSTree (see
> https://wiki.gnome.org/OSTree) for atomic updates.

To follow up on this, I have been working slowly on this tool called "yum-ostree" which is designed to capture packages as OSTree commits. At the moment it's just a lame python script, but it's nearly to the point of being useful. I'll post to the generic fedora-devel-list when it's ready.

As far as OSTree compared to CoreOS; the biggest difference is that the CoreOS updater mandates a particular filesystem chosen on the build server, because it sends block-level diffs. OSTree operates at the filesystem layer (like rsync), and this allows more flexibility. (At the moment though, OSTree is significantly less efficient on the network side).

_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
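The MCS idea in the message above (one shared, relatively permissive container domain, with per-container category labels keeping containers apart from each other and from host files) can be illustrated with a small model of the MCS check. The following is an added example and not code from the thread or from any project it mentions; it models the category-dominance rule that MCS-constrained types use for access (a process level must carry at least every category on the object), parses the `s0:c1,c2` / `s0:c0.c1023` level syntax, and allocates unique two-category levels per container the way container runtimes do. The `container_file_t` type and the sample paths are constructed for illustration and are not taken from the message.

```python
import re
import secrets

# Category range of the default Fedora targeted policy (c0..c1023).
MAX_CATEGORY = 1023
_SENS_RE = re.compile(r"^s(\d+)$")
_CAT_RE = re.compile(r"^c(\d+)$")


def parse_level(level: str) -> tuple[int, frozenset[int]]:
    """Parse a single MCS level ('s0', 's0:c1,c2', 's0:c0.c1023')
    into (sensitivity, set-of-categories).  Low-high ranges like
    's0-s0:c0.c1023' are deliberately not handled here."""
    sens_part, _, cat_part = level.partition(":")
    m = _SENS_RE.match(sens_part)
    if not m:
        raise ValueError(f"bad sensitivity in {level!r}")
    categories: set[int] = set()
    if cat_part:
        for item in cat_part.split(","):
            lo, _, hi = item.partition(".")       # 'c0.c1023' is an inclusive range
            lo_m, hi_m = _CAT_RE.match(lo), _CAT_RE.match(hi or lo)
            if not (lo_m and hi_m):
                raise ValueError(f"bad category {item!r} in {level!r}")
            lo_n, hi_n = int(lo_m.group(1)), int(hi_m.group(1))
            if not 0 <= lo_n <= hi_n <= MAX_CATEGORY:
                raise ValueError(f"category out of range in {item!r}")
            categories.update(range(lo_n, hi_n + 1))
    return int(m.group(1)), frozenset(categories)


def dominates(subject_level: str, object_level: str) -> bool:
    """MCS dominance: the subject's sensitivity must be >= the object's and
    its category set must be a superset of the object's.  A container
    labelled s0:c1,c2 therefore cannot reach a file labelled s0:c3,c4."""
    s_sens, s_cats = parse_level(subject_level)
    o_sens, o_cats = parse_level(object_level)
    return s_sens >= o_sens and s_cats >= o_cats


def level_of(context: str) -> str:
    """Extract the level field from a full context such as
    'system_u:object_r:container_file_t:s0:c1,c2' (fourth colon-separated field)."""
    parts = context.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"context has no level: {context!r}")
    return parts[3]


def reachable(container_level: str, labelled_files: dict[str, str]) -> list[str]:
    """Return the files whose label the container's level dominates, sorted."""
    return sorted(path for path, ctx in labelled_files.items()
                  if dominates(container_level, level_of(ctx)))


def allocate_container_level(used: set[tuple[int, int]]) -> str:
    """Pick an unused, unordered pair of categories for a new container.
    Two categories per container (rather than one) is what container
    runtimes do to make accidental label collisions unlikely."""
    while True:
        a = secrets.randbelow(MAX_CATEGORY + 1)
        b = secrets.randbelow(MAX_CATEGORY + 1)
        if a == b:
            continue
        pair = (min(a, b), max(a, b))
        if pair not in used:
            used.add(pair)
            return f"s0:c{pair[0]},c{pair[1]}"


# Constructed sample labels, in the shape `ls -Z` would print them.
SAMPLE_FILES = {
    "/var/lib/ctr/a/secret": "system_u:object_r:container_file_t:s0:c1,c2",
    "/var/lib/ctr/b/secret": "system_u:object_r:container_file_t:s0:c3,c4",
    "/etc/shared.conf":      "system_u:object_r:container_file_t:s0",
}

if __name__ == "__main__":
    for level in ("s0:c1,c2", "s0:c3,c4", "s0:c0.c1023"):
        print(level, "->", reachable(level, SAMPLE_FILES))
```

The last level in the usage loop, `s0:c0.c1023`, is the full category range an unconfined host process carries, so it dominates every container file; that is the direction of the asymmetry the message describes, with the host able to see into containers but not the other way round, and the two container levels unable to read each other's files.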