Re: Firecracker microVM manager

On Mar 5, 2023, at 10:19 AM, Kevin Kofler via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> 
> David Michael wrote:
>> - Firecracker can be built with Fedora's libc (glibc), but it is
>> officially unsupported upstream[3].  Functionality would be harmed by
>> not using musl, e.g. seccomp filters are not used.
> 
> Upstream's refusal to write seccomp filters that work with glibc should be a
> red flag. It is definitely possible to sandbox glibc applications with
> seccomp, e.g., Chromium does it. It does need updates/fixes to the seccomp
> rules with almost every new version of glibc, but it is possible.

I’m happy to engage with the Firecracker team and get everyone together to talk through the issues.

We did use to package Firecracker for Amazon Linux (in an AL2 Extra), but it had literally zero users from our repos (Lambda and others build their own). This could just be because Firecracker by itself isn’t too useful without some other easy integration with something like containerd. That being said, I’d be interested in what use cases people have for it packaged in Fedora.