On Fri, Nov 13, 2015, at 05:07 AM, Jan Pazdziora wrote:
> On Thu, Nov 12, 2015 at 09:00:31PM -0500, Colin Walters wrote:
> >
> > Can you improve the commit message? It currently is mostly "what"
> > but not much "why" (and the subject line should be imperative tense matching
> > the rest of the style).
> > Something like:
> >
> > ```
> > manifest: Add requirements for host fedora/sssd container
> >
> > Having these dependencies on the host are necessary in order for the
> > new `fedora/sssd` container to work. For more information, see:
> >
> > https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2015-October/msg00055.html
>
> Please find fixed patch in attachment.
Yes, this looks better, thanks!
For reference, looks like the package-level diff is:
# rpm-ostree db --repo=repo diff fedora-atomic/rawhide/x86_64/docker-host{^,}
ostree diff commit old: fedora-atomic/rawhide/x86_64/docker-host^
(cba7d2e910746c6e883933a38e88acdb888a4976ed68845502aa03ab2710c511)
ostree diff commit new: fedora-atomic/rawhide/x86_64/docker-host
(9195bf3a53201e07b832bba4bd475d7999b4e026c35d55ee3b7440001574d66c)
Added:
libsss_idmap-1.13.1-5.fc24.x86_64
libsss_nss_idmap-1.13.1-5.fc24.x86_64
oddjob-0.34.3-1.fc23.x86_64
oddjob-mkhomedir-0.34.3-1.fc23.x86_64
psmisc-22.21-7.fc23.x86_64
sssd-client-1.13.1-5.fc24.x86_64
#
Merged:
https://git.fedorahosted.org/cgit/fedora-atomic.git/commit/?id=5aef550246201bf0b9df976cd9c079ba5536b88c
> Yes. We pull host's uids to the container in runtime
>
>
> https://github.com/fedora-cloud/Fedora-Dockerfiles/blob/master/sssd/run.sh#L11
>
> so that hopefully covers at least some of the use cases -- for example,
> you can use host's usernames in /etc/sssd/sssd.conf (think apache) and
> the sssd in the container will not complain because it will know about
> them.
I'd expect `apache` to always be a user in a different container, not on the
host.
But for things like the systemd users, yes.
> How are other "system" containers addressing it? What is the process
> of rebuilding these containers to keep them en par with the Atomic
> versions, and the naming?
At present I'm not sure of a naming convention. We don't even have
official Docker image building in Fedora yet. It's actively being worked
on at least.
