Is it acceptable to package non-bootable kernels?

(This message was originally sent to the Packaging mailing list, where
Jason Tibbitts pointed out that this is a restriction requested by the
Kernel team, and that it'll be your opinion that prevails here)

Hi,

The document "What can be packaged" from "Fedora Packaging
Guidelines", in the section "Only one kernel package" [1], states that
"Fedora allows only a single kernel package; packages containing
alternate kernels are not allowed in the distribution."

While not explicitly stated there, I suspect (please correct me if I'm
wrong) that statement was written with the idea of preventing
alternate kernels that could be used to boot the system. With this
premise in mind, I was wondering if non-bootable kernels (that is,
kernels in a binary format that's not accepted by a conventional boot
loader) would be accepted for packaging.

I'm asking this because I would like to package "libkrunfw" [2], a
dynamic library that bundles a slightly modified minimalist Linux
kernel. The library doesn't really link against the kernel (in the
sense that it doesn't resolve any symbols nor calls to any of its
code), it just bundles it in a binary format that allows it to be
directly injected in a KVM memory region, so it's quite similar to a
compressed image format, but for a different use case.

"libkrunfw" is consumed by "libkrun" [3], another dynamic library that
allows programs to acquire virtualization-based process isolation
capabilities. The main user of "libkrun" is "crun", when built with
"--with-libkrun", an OCI runtime used by "podman". When all pieces are
in place, users can easily run containers with virtualization-based
isolation by adding some additional flags to the "podman" command
line. I have a COPR repository with pre-built alternative packages as
a demonstration [4].

There are a number of reasons why we can't use the kernel that ships
with Fedora:

 - We carry a small number of patches with minor changes that modify
   the behavior of the kernel for this particular use case. Without
   them, we can't provide a streamlined UX for running isolated
   processes.

 - We need an aggressive minimalist configuration to reduce the memory
   footprint of each container/isolated process.

 - We need it to be bundled in a dynamic library, so its contents
   are mapped into the process memory, enabling programs to switch
   between namespaces without the need to carry the kernel binary with
   them. The binary object also needs to be properly aligned to allow
   direct injection into the KVM memory region without additional
   copies.

Given that "libkrunfw" bundles a kernel image that can't be used for
booting the system, would it be acceptable to package it in Fedora?

Thanks,
Sergio.

[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/#_only_one_kernel_package
[2] https://github.com/containers/libkrunfw
[3] https://github.com/containers/libkrun
[4] https://copr.fedorainfracloud.org/coprs/slp/crun-krun/