Re: fakesystemd package breaking builds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Lennart Poettering píše v St 27. 08. 2014 v 21:15 +0200:
> On Wed, 27.08.14 21:00, Václav Pavlín (vpavlin@xxxxxxxxxx) wrote:
> 
> > >I also offered to split out the hwdb in Brno, if you remember. If this
> > >is about the hwdb, then let's just do that...
> >
> > Talk to Michal Sekletar about it then - he is working on "something"
> > we call systemd-container internally. We need systemd running in
> > Docker container. I don't like to have needless stuff in images but
> > if the result is "just drop the hwdb" then I am fine with that.
> 
> As discussed in Brno, "not liking to have needless stuff around" alone
> is really not a convincing reason. 
> 
> I mean, you could make the case for the size of things, but afaics this
> doesn't hold any water here... kmod is a 150K dep, and the other stuff,
> is that any bigger? For 150K we shouldn't complicate things this much...
> 
> You could also make the case for the dependencies, but this is kind the
> same as the size argument...
> 
> And you could make the case for "security", but that's really wrong too,
> since recent systemd versions have exactly zero suid binaries, and if
> you don't run the daemons, then you have exactly zero ways to raise your
> priviliges. And just having dead code lying around is not really an
> issue. I mean, if you managed to exploit something and smuggled in some
> code, then you smuggled in some code, why would make it any difference
> if there's dead code lying around or not in the container?
> 
> > >But regarding kmod/devicemapper, can we please get some stats about how
> > >big this individually are, and how much is saved by this? kmod at least
> > >is 150K or so only. Is there really any value in doing this weird stuff
> > >for a fricking 150K?! Fedora has no bigger fishes to fry?
> > I'll prepare stats for you tomorrow.
> > >
> > >The systemd-container or fakesystemd stuff sounds awfully adhoc. Can we
> > >please always discuss this first, and see if we can find a different
> > >solution? We don't need three different "solutions", if one works
> > >too...
> >
> > We've talked about this on Flock - it's not only about disk space
> > but also about security reasons (CC'ing Dan Walsh). My goal was not
> 
> Dan, can you elaborate what the rationale for this is?
> 
> > to have needless junk in base image - if we are not going to use
> > systemd to manage services there, why should it be there with all
> > it's dependencies?
> 
> This sounds awfully like a "just because!" reason... 
> 
> Lennart
> 
> -- 
> Lennart Poettering, Red Hat

I think that there was a problem in communication. We are *not* going to
create systemd-container in fedora. That was just for rhel, because at
least I wanted some quick and dirty solution. Our current plan in fedora
is patch systemd to run in docker and split the hwdb, that's all.

Lukas

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux