On 02/28/2014 08:56 AM, drago01 wrote:
> On Fri, Feb 28, 2014 at 2:43 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
>> For the sake of keeping people in the loop, here's a first pass at the
>> Fedora Server technical specification that we will be discussing in a
>> meeting in #fedora-meeting-1 in about 75 minutes.
>>
>> If you can't attend, please make comments on the
>> server@xxxxxxxxxxxxxxxxxxxxxxx mailing list, so they're all in one
>> place.
>>
>> -------- Original Message --------
>> Subject: Server Technical Specification: Agenda and First Draft
>> Date: Fri, 28 Feb 2014 08:40:02 -0500
>> From: Stephen Gallagher <sgallagh@xxxxxxxxxx>
>> Reply-To: server@xxxxxxxxxxxxxxxxxxxxxxx
>> To: server@xxxxxxxxxxxxxxxxxxxxxxx
>>
>> I've created a wiki page[1] for the Technical Specification that we are
>> working on. I've copied much of the structure from the Workstation tech
>> spec, as it was well organized.
>>
>> There are quite a few sections in it that I have tagged as UNAPPROVED. I
>> believe we need to make these the agenda for the Tech Spec Working
>> Session today. What we will do is quickly go through each of them. We'll
>> mark any that are uncontested as "Approved" and then go back and discuss
>> any that need discussion.
>>
>> [1] https://fedoraproject.org/wiki/Server/Technical_Specification
>
> Just copying IRC snippet from #fedora-devel:
>
> <drago01> sgallagh: "systemd-nspawn will be used to manage containerization capabilities." did I miss something or doesn't upstream say that it should not be used for anything that needs security?
> <sgallagh> drago01: Last I heard, the Dans (Walsh and Berrange) had SELinux working with it now.
> <mclasen> drago01: I think that statement may be evolving ?
> <sgallagh> And Docker is moving to systemd-nspawn and away from lxc
> <mclasen> but certainly valuable to raise the question on the list, and see if lennart, dan or dan want to chime in
> <drago01> sgallagh: "Note that even though these security precautions are taken systemd-nspawn is not suitable for secure container setups. Many of the security features may be circumvented and are hence primarily useful to avoid accidental changes to the host system from the container. The intended use of this program is debugging and testing as well as building of packages, distributions and software involved with boot and systems management." [1]
> <sgallagh> So it's definitely the way forward.
> <drago01> sgallagh, mclasen : ok makes sense
>
> So I am not sure if that has changed yet or not but if it has we should at
> least get the man page updated.
>
> 1: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html (man page)

Well this has changed again. Docker is now going native. It will support
containers directly and not require a different set of tooling like lxc,
systemd-nspawn or libvirt-lxc. This will be the default, and I guess people
could experiment with others.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct