Re: COPR

On 08/30/2013 05:59 PM, Daniel P. Berrange wrote:
On Fri, Aug 30, 2013 at 11:52:05AM -0400, Colin Walters wrote:
On Fri, 2013-08-30 at 09:01 -0400, Colin Walters wrote:
Also, wow, I just followed and read the link:
http://lists.opensuse.org/opensuse-buildservice/2013-07/msg00044.html

I know this is old code and stuff, but writing the data to the swap
partition sounds very Rube Goldberg.

It sounds complicated. But the reason is:
since during the build the code is run under root, you must assume a very hostile environment.
The packager can do *anything* on the builder. Even modify the file system. Directly on the block device.
And if you mount the guestfs as a whole FS, there is potential to exploit the kernel FS. In the past there were problems where the kernel oopsed because the FS was damaged. So the OBS team decided that this has potential for exploit, and into swap is written the number of blocks where the files reside, and from that guest FS just those blocks are read directly. virtio-serial can be used for that, but I guess that it was not available at that time (and AFAIK it will not work on s390 zVM).

Also reading that directly (instead of tar-ing) will save some time for big results (1.1 GB texlive or 9GB DVD image).

But personally I think this is just an implementation detail. Not the biggest question in this decision.

Now that virtio-serial exists,
it's easy to set up arbitrary private guest-host communication channels
without involving networking/TCP.

Were OBS to use mock in a VM I'd expect it to basically do:

tar cf /dev/virtio-ports/org.fedoraproject.mock /var/lib/mock/result

and then the host could read that tar file.

Or you could just map a directory on the host into /var/lib/mock/result
in the guest, using the virtio-9p filesystem feature of KVM. Basically
this gives you shared filesystem, but without any TCP/networking involved.

NB, works with KVM in Fedora hosts, but not RHEL which does not ship 9p
support

Thanks for pointing me to these two technologies, I was not aware of them.

--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
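
Added example, not part of the thread and not OBS or mock code: because the builder is assumed hostile, the host end of the `tar cf /dev/virtio-ports/...` transfer described above has to treat the archive itself as untrusted input. The function names, the size cap and the sample archive below are assumptions made for illustration.

```python
import io
import os
import shutil
import tarfile
import tempfile

MAX_TOTAL_BYTES = 16 * 1024**3  # assumed cap on total result size

def extract_untrusted_results(stream, dest_dir):
    """Unpack a tar stream written by an untrusted builder; return paths written."""
    root = os.path.realpath(dest_dir)
    written, total = [], 0
    # "r|" reads a non-seekable stream, e.g. the host end of a virtio-serial port
    with tarfile.open(fileobj=stream, mode="r|") as tar:
        for member in tar:
            # Symlinks, hard links, devices and FIFOs are never build results
            if not (member.isreg() or member.isdir()):
                raise ValueError(f"refusing special member {member.name!r}")
            target = os.path.realpath(os.path.join(root, member.name))
            if target != root and not target.startswith(root + os.sep):
                raise ValueError(f"member escapes result dir: {member.name!r}")
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            total += member.size
            if total > MAX_TOTAL_BYTES:
                raise ValueError("results exceed size cap")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Copy bytes only: guest-supplied owner, mode and setuid bits are dropped
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
            written.append(os.path.relpath(target, root))
    return written

def constructed_tar(entries):
    """Build an in-memory tar from (name, type, payload) tuples (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            info.type, info.size = kind, len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    good = constructed_tar([("result/foo-1.0.rpm", tarfile.REGTYPE, b"rpm-bytes")])
    with tempfile.TemporaryDirectory() as d:
        print(extract_untrusted_results(good, d))
```

On a real host, `stream` would be the file object opened on the host side of the virtio-serial channel, and `dest_dir` a fresh, empty directory per build.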




