On Fri, Feb 28, 2014 at 2:43 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> For the sake of keeping people in the loop, here's a first pass at the
> Fedora Server technical specification that we will be discussing in a
> meeting in #fedora-meeting-1 in about 75 minutes.
>
> If you can't attend, please make comments on the
> server@xxxxxxxxxxxxxxxxxxxxxxx mailing list, so they're all in one place.
>
> - -------- Original Message --------
> Subject: Server Technical Specification: Agenda and First Draft
> Date: Fri, 28 Feb 2014 08:40:02 -0500
> From: Stephen Gallagher <sgallagh@xxxxxxxxxx>
> Reply-To: server@xxxxxxxxxxxxxxxxxxxxxxx
> To: server@xxxxxxxxxxxxxxxxxxxxxxx
>
> I've created a wiki page[1] for the Technical Specification that we
> are working on. I've copied much of the structure from the Workstation
> tech spec, as it was well organized.
>
> There are quite a few sections in it that I have tagged as UNAPPROVED.
> I believe we need to make these the agenda for the Tech Spec Working
> Session today. What we will do is quickly go through each of them.
> We'll mark any that are uncontested as "Approved" and then go back and
> discuss any that need discussion.
>
>
> [1] https://fedoraproject.org/wiki/Server/Technical_Specification

Just copying IRC snippet from #fedora-devel:

<drago01> sgallagh: "systemd-nspawn will be used to manage containerization capabilities. " did I miss something or doesn't upstream say that it should not be used for anything that needs security?
<sgallagh> drago01: Last I heard, the Dans (Walsh and Berrange) had SELinux working with it now.
<mclasen> dargo01: I think that statement may be evolving?
<sgallagh> And Docker is moving to systemd-nspawn and away from lxc
<mclasen> but certainly valuable to raise the question on the list, and see if lennart, dan or dan want to chime in
<drago01> sgallagh: "Note that even though these security precautions are taken systemd-nspawn is not suitable for secure container setups. Many of the security features may be circumvented and are hence primarily useful to avoid accidental changes to the host system from the container. The intended use of this program is debugging and testing as well as building of packages, distributions and software involved with boot and systems mana
<drago01> gement." [1]
<sgallagh> So it's definitely the way forward.
<drago01> sgallagh, mclasen : ok makes sense

So I am not sure if that has changed yet or not, but if it has we should at least get the man page updated.

1: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html (man page)