On Tue, Nov 4, 2014 at 8:42 AM, Miloslav Trmač <mitr@xxxxxxxxxx> wrote: > Hello, > ----- Original Message ----- >> On Mon, 03.11.14 09:13, Miloslav Trmač (mitr@xxxxxxxxxx) wrote: >> > Hello, >> > ----- Original Message ----- >> > > On Fri, 31.10.14 10:04, Andrew Lutomirski (luto@xxxxxxx) wrote: >> > > >> > > > I filed an FPC ticket: https://fedorahosted.org/fpc/ticket/467 >> > > > >> > > > Thoughts? >> > > >> > > I very much agree with this, but I'd really prefer if we'd list what >> > > is allowed rather than just declare what is forbidden. >> > >> > What is the use case for such a blanket requirement? fpc/467 lists >> > the virt thing I so far disagree with, and other uses cases in there >> > actually need much less than all of /usr. >> >> We are working on allowing stateless system boot up with /usr. For >> that I really want the ability that any user can copy /usr to some >> other place without having privileges, and then boot that >> up. Replicating a system shouldn't require privileges. > > Could you expand on the flow of thought from “stateless system“ to “distribution by replication” and (separately?) “administration/replication by any user”? I don’t see how that follows. > I can only speak for my own perspective on this, which may not match Lennart's at all: A major part of the stateless system idea is that /usr should contain all of the files needed to boot what is effectively a fresh install. IOW, systemd should be able to boot a fully-functional system that starts with an empty /etc and /var, OS code in /usr, and a handful of kernel-provided mounts and symlinks filling out the root directory. If /usr is world-readable, then an unprivileged user can use /usr to boot a fully-functional Fedora system in a number of ways. They can pipe it into QEMU/KVM using virtfs (what virtme does, although it's not currently targeting this usecase), they can bind-mount it into an unprivileged container (I have no idea whether LXC can do this easily right now, but it's straightforward. I imagine that someone will add support to nspawn to do exactly this at some point. As of the last time I looked at the nspawn code, it wasn't set up for this yet, though.) They can serve it over whatever protocol they like (NFS using Ganesha, for example) to another physical machine and run it there. I'm sure that other people might think of other uses for this. virtme will give you a fully function Fedora shell right now (no systemd) in a couple of seconds. You can try it: $ sudo dnf install virtme qemu-system-x86 [or whatever the appropriate QEMU is] $ virtme-run --installed-kernel If you try to run any of the audit tools inside virtme, you can't, because virtme can't read them from /usr. If I wrote the small amount of code needed, then you could run: $ virtme-run --installed-kernel --stateless-usr=/usr --graphics This is likely to have all kinds of problems as a result of the polkit rules being unreadable, though. See: http://0pointer.net/blog/projects/stateless.html --Andy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct