On Tue, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
> On Mon, 28.04.14 17:01, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:
>
> > The problem is lots of services require systemd because they ship a
> > unit file and want systemctl reload to happen. Systemd then triggers a
> > require for udev and kmod, which docker containers do not need.
>
> If you discount the docs/man pages of the RPMs, how much does kmod,
> udev, systemd actually contribute in bytes to your docker images?

It's around 15 megs or so, although on rhel7 it's 20 megs larger because of a dependency that kmod has on /usr/bin/nm (binutils) that doesn't seem to be there on fedora kmod. This seems like a bug in fedora though, as kmod ships /usr/sbin/weak-modules which calls nm, so once fixed fedora would be at 35 meg too.

But, even if the size is small that is not the full picture. There are a bunch of dependencies like dbus (the daemon), device-mapper, kmod, and iptables that are recursively pulled in by systemd that don't really make sense in a container. Having such things there increases the risk of security issues even if they are not in use (maybe something is setuid?).

Furthermore, things being in the base image by "accident" means these packages get cemented into some kind of "ABI" that we probably have to keep forever, as apps could rely on them.