Re: COPR

On Fri, Aug 30, 2013 at 11:57:19AM +0200, 80 wrote:
> Hi,
> 
> if you have a grudge against our infra team, OBS is the best option.
> More seriously, OBS has a major flaw: it's a pain to deploy or update and
> we need to have people able to fix bugs in a rails app.
> 
> I advise you to discuss this with infra team before considering further
> this option.
> 
> 
> One quick remark:
> > build package in VM, which is safer than Koji (just chroot in Koji)
> 
> Safer, but it has an overhead. I'd rather add LXC support to Koji (much
> less overhead and pretty much as safe as heavier virtualization solutions).

That statement about security is absolutely not the case.

With a shared kernel for LXC there is significantly higher security risk.
A local root exploit will let a container take over the entire host, and
there's nothing we can do with namespaces or selinux to prevent that
attack vector. With KVM, a local root exploit only lets you compromise
the one VM, they then still need to exploit QEMU/KVM and then get another
local root exploit for the host.

Even ignoring the shared kernel aspects, having a secure LXC deployment
requires use of user namespaces, which are a new feature not yet available
in Fedora due to the conflict with XFS. With the user namespace feature
enabled, many types of kernel flaw will have increased severity because
functionality that was previously restricted to root is now available to
non-root processes which have started a new user namespace. E.g. crashes that
could be triggered by root only, and thus not be classed as security flaws,
could now become privilege escalation flaws.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct