On 4/21/23 11:13, David Michael wrote: > Hi, > > Following up on this, Firecracker has been accepted and submitted to > Fedora. Thanks to Fabio for all of the Rust reviews. > > F37 https://bodhi.fedoraproject.org/updates/FEDORA-2023-dca8124d3b > F38 https://bodhi.fedoraproject.org/updates/FEDORA-2023-edcbcf18e0 > > Some quick comments on the TODO from the original e-mail: > > On Sat, Mar 4, 2023 at 12:40 PM David Michael <fedora.dm0@xxxxxxxxx> wrote: >> - The musl package adds /usr paths for compatibility with the compiler --sysroot option. >> - The rust compiler adds musl target subpackages. > > Targeting musl was dropped after the initial discussion, so there is > no sandbox or seccomp filter in Fedora until that can be implemented > with dynamic linking glibc upstream. I'll keep the Copr repo[0] > active for a while to provide musl builds. Would it be possible to add a warning to this effect? Without any form of sandboxing Firecracker is not suitable for production use. Does the sandboxed portion of Firecracker do anything that would require an NSS (name service switch) lookup, such as DNS or username resolution? If not, then I don’t see why musl (which Fedora already ships!) would be a problem. If it does, could the lookups be moved to a separate process? -- Sincerely, Demi Marie Obenour (she/her/hers)
Attachment:
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
